aboutsummaryrefslogtreecommitdiff
path: root/CHANGELOG.md
Commit message (Collapse)AuthorAge
* Store mutable reference to Manager in DeviceRobin Krahl2019-07-08
| | | | | | | | | | | | | In the last patches, we ensured that devices can only be obtained using the Manager struct. But we did not ensure that there is only one device at a time. This patch adds a mutable reference to the Manager instance to the Device implementations. The borrow checker makes sure that there is only one mutable reference at a time. In this patch, we have to remove the old connect, Pro::connect and Storage::connect functions as they do no longer compile. (They discard the MutexGuard which invalidates the reference to the Manager.) Therefore the tests do no longer compile.
* Move {Pro, Storage}::connect into ManagerRobin Krahl2019-07-08
| | | | | | | As part of the connection refactoring, this patch moves the connect methods of the Pro and Storage structs into the Manager struct. To maintain compatibility with nitrokey-test, the old methods are not removed but marked as deprecated.
* Move the connect_model function into ManagerRobin Krahl2019-07-08
| | | | | | As part of the connection refactoring, this patch moves the connect_model function to the Manager struct. As the connect_model function is not used by nitrokey-test, it is removed.
* Move the connect function into ManagerRobin Krahl2019-07-08
| | | | | | | As part of the connection refactoring, we replace the connect function with the Manager::connect method. To maintain compatibility with nitrokey-test, the connect function is not removed but marked as deprecated.
* Add Manager struct to manage Nitrokey connectionsRobin Krahl2019-07-08
| | | | | | | | | | | | | As part of the connection refactoring, we introduce the Manager struct that deals with connection management. To make sure there can be only once instance of the manager, we add a global static Mutex that holds the single Manager instance. We use the struct to ensure that the user can only connect to one device at a time. This also changes the Error::PoisonError variant to store the sync::PoisonError. This allows the user to call into_inner on the PoisonError to retrieve the MutexGuard and to ignore the error (for example useful during testing).
* Add ConcurrentAccessError and PoisonError variantsRobin Krahl2019-07-08
| | | | | | | | | This patch prepares the refactoring of the connection methods by introducing the Error variants ConcurrentAccessError and PoisonError. ConcurrentAccessError indicates that the user tried to connect to obtain a token that is currently locked, and PoisonError indicates that a lock has been poisoned, i. e. a thread panicked while accessing using a token.
* Update nitrokey-test and add nitrokey-test-stateRobin Krahl2019-07-07
| | | | | | | | | The new 0.2.1 version of nitrokey-test requires an additional crate, nitrokey-test-state. This patch updates the nitrokey-test version and adds the nitrokey-test-state dependency in version 0.1.0. See this thread [0] for more information. [0] https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3Ce3e908e5-3f66-7072-9603-8a4de5ac614b%40posteo.net%3E
* Update nitrokey-sys to version 3.5Robin Krahl2019-07-05
| | | | | | | | | As the return type of the NK_get_{major,minor}_firmware_version methods changed with libnitrokey 3.5, we also have to adapt our get_firmware_version function in device.rs. This patch also updates the changelog and the todo list with the changes caused by the new libnitrokey version.
* Revert "Refactor User and Admin to use a mutable reference"Robin Krahl2019-02-05
| | | | This reverts commit 0972bbe82623c3d9649b6023d8f50d304aa0cde6.
* Store mutable reference to Device in PasswordSafeRobin Krahl2019-02-02
| | | | | | | | | The current implementation of PasswordSafe stored a normal reference to the Device. This patch changes the PasswordSafe struct to use a mutable reference instead. This allows the borrow checker to make sure that there is only one PasswordSafe instance at a time. While this is currently not needed, it will become important once we can lock the PWS on the Nitrokey when dropping the PasswordSafe instance.
* Refactor User and Admin to use a mutable referenceRobin Krahl2019-02-02
| | | | | | | | | | | | In the initial nitrokey-rs implementation, the Admin and the User struct take the Device by value to make sure that the user cannot initiate a second authentication while this first is still active (which would invalidate the temporary password). Now we realized that this is not necessary – taking a mutable reference has the same effect, but leads to a much cleaner API. This patch refactors the Admin and User structs – and all dependent code – to use a mutable reference instead of a Device value.
* Require mutable reference if method changes device stateRobin Krahl2019-02-02
| | | | | | | | | | | | Previously, all methods that access a Nitrokey device took a reference to the device as input. This method changes methods that change the device state to require a mutable reference instead. In most case, this is straightforward as the method writes data to the device (for example write_config or change_user_pin). But there are two edge cases: - Authenticating with a PIN changes the device state as it may decrease the PIN retry counter if the authentication fails. - Generating an HOTP code changes the device state as it increases the HOTP counter.
* Add device_mut method to DeviceWrapperRobin Krahl2019-02-02
| | | | | | To prepare the mutability refactoring, we add a device_mut method to DeviceWrapper that can be used to obtain a mutable reference to the wrapped device.
* Implement DerefMut for User and AdminRobin Krahl2019-02-02
| | | | | | As we want to change some methods to take a mutable reference to a Device, we implement DerefMut for User<T> and Admin<T> so that users can obtain a mutable reference to the wrapped device.
* Add set_encrypted_volume_mode method to StorageRobin Krahl2019-01-31
| | | | | | | | | | Previously, we considered this command as unsupported as it only was available with firmware version 0.49. But as discussed in nitrocli issue 80 [0], it will probably be re-enabled in future firmware versions. Therefore this patch adds the set_encrypted_volume_mode to Storage. [0] https://github.com/d-e-s-o/nitrocli/issues/80
* Add get_firmware_version methodRobin Krahl2019-01-28
| | | | | | | | This patch combines the get_{major,minor}_firmware_version methods into the new get_firmware_version method that returns a FirmwareVersion struct. Currently, this requires casting from i32 to u8. But this will be fixed with the next libnitrokey version as we change the return types for the firmware getters.
* Always return a Result when communicating with a deviceRobin Krahl2019-01-27
| | | | | | | | Previously, we sometimes returned a value without wrapping it in a result if the API method did not indicate errors in the return value. But we can detect errors using the NK_get_last_command_status function. This patch changes the return types of these methods to Result<_, Error> and adds error checks.
* Rename Error::Unknown to Error::UnknownErrorRobin Krahl2019-01-27
| | | | | For consistency with the other Error variants, we rename Unknown to UnknownError.
* Remove the Result typedefRobin Krahl2019-01-27
| | | | | | | | | Many of our functions do not return a Result<_, Error>, but for example a Result<_, (Device, Error)>. We only use the typedef in one function, but it makes the other functions more complicated as we have to use result::Result (if crate::Result is imported). Therefore, this patch removes the typedef. Applications or libraries can still redefine it if they want to.
* Add tolerance for timing issues to the TOTP testsRobin Krahl2019-01-25
| | | | | | The TOTP test with the timestamp 59 often fails as the Nitrokey’s clock ticks between setting the time and generating the TOTP code. This patch also allows the TOTP code for timestamp 60 for this test case.
* Add license and copyright informationRobin Krahl2019-01-23
| | | | | | | This patch adds license and copyright information to all files to make nitrokey-rs compliant with the REUSE practices [0]. [0] https://reuse.software/practices/2.0/
* Implement From<(T: Device, Error)> for ErrorRobin Krahl2019-01-23
| | | | | | Not all users of the authenticate methods want to use the device after an error, so implementing From<(T: Device, Error)> for Error makes it easier for them to discard the device.
* Return UTF-8 error if libnitrokey returns an invalid stringRobin Krahl2019-01-23
| | | | | | | Previously, we used lossy UTF-8 conversion. Yet the user should be notified if we have a problem instead of silently changing the data. Therefore, we now return an error if we enocunter an invalid UTF-8 string. This leads to a change in `get_library_version`’s signature.
* Add Error::Utf8Error variantRobin Krahl2019-01-23
| | | | | Previously, we just ignored UTF-8 errors. This patch prepares the Utf8Error variant so that we are able to return UTF-8 errors.
* Implement From<Pro> and From<Storage> for DeviceWrapperRobin Krahl2019-01-23
|
* Add Pro::new and Storage::new functionsRobin Krahl2019-01-23
|
* Refactor and clean up all codeRobin Krahl2019-01-23
| | | | | | | This includes: - using idiomatic Rust - limiting the scope of unsafe blocks - simplifying code
* Prefer into() over numeric castingRobin Krahl2019-01-23
| | | | | | Numeric casting might truncate an integer, while into() is only implemented for numeric types if the cast is possible without truncation.
* Prevent direct instantiation of Pro and StorageRobin Krahl2019-01-23
| | | | | | The Pro and Storage structs may only be created using the connect functions. This patch adds a private PhantomData field to the structs to ensure that the compiler does not allow direct instantiation.
* Remove the unused CommandError::Undefined variantRobin Krahl2019-01-20
| | | | | | The CommandError::Undefined variant has been refactored into Error::UnexpectedError and CommunicationError::NotConnected and is therefore no longer needed.
* Return CommunicationError::NotConnected from connect functionsRobin Krahl2019-01-20
| | | | | | | | | Previously, we returned a CommandError::Undefined if a connect function failed. A CommunicationError::NotConnected is a more specific and better fitting choice. Once the Try trait has been stabilized, we should return an Option<_> instead of a Result<_, Error> from the connect functions.
* Add the CommunicationError enumRobin Krahl2019-01-20
| | | | | | Communication errors returned by libnitrokey were previously not mapped to an error type in the nitrokey crate. We introduce the CommunicationError enum to represent these errors.
* Refactor library errors into LibraryError enumRobin Krahl2019-01-20
| | | | | | Previously, library errors were part of the CommandError enum. As command errors and library errors are two different error types, they should be split into two enums.
* Move the CommandError::Unknown to ErrorRobin Krahl2019-01-20
| | | | | | | An error code can not only indiciate a command error, but also a library or device communication error. Therefore, the variant for an unknown error code should be placed in the top-level Error enum instead of the CommandError enum.
* Refactor CommandError::RngError into Error::RandErrorRobin Krahl2019-01-20
| | | | | We reserve CommandError for errors returned by the Nitrokey device. Errors during random number generation should have their own type.
* Return Error instead of CommandErrorRobin Krahl2019-01-20
| | | | | | | | | | This patch changes all public functions to return the Error enum instead of the CommandError enum. This breaks the tests which will be fixed with the next patch. This patch also adds a placeholder variant Error::CommandError and a placeholder enum CommandError to make the transition to a new nitrokey-test version easier.
* Add the Error enum and the Result<T> typedefRobin Krahl2019-01-20
| | | | | The Error enum is a wrapper for the possible error types (currently only CommandError). Result<T> is defined as Result<T, Error>.
* Implement std::error::Error for error::CommandErrorRobin Krahl2019-01-20
|
* Merge branch 'hotfix-0.3.4' into nextRobin Krahl2019-01-20
|\
| * Release v0.3.4Robin Krahl2019-01-20
| |
* | Introduce DEFAULT_ADMIN_PIN and DEFAULT_USER_PIN constantsRobin Krahl2019-01-19
| | | | | | | | The constants can be used for tests or after a factory reset.
* | Implement Display for VersionRobin Krahl2019-01-17
| |
* | Remove the test-pro and test-storage featuresRobin Krahl2019-01-16
|/ | | | | | | Since commit 65bff57e6139cc126191d4faabbcf74118932dd2, we use the nitrokey-test crate to select test cases. Previously, we used the features test-pro and test-storage to select test suites. These features are now obsolete.
* Release v0.3.3v0.3.3Robin Krahl2019-01-16
|
* Add delay between factory reset and building AES key in testsRobin Krahl2019-01-16
| | | | | | | | There seems to be a bug in libnitrokey or the Nitrokey Storage firmware that causes problems when chaining factory reset and build_AES_keys without delay (upstream issue [0]). [0] https://github.com/Nitrokey/nitrokey-storage-firmware/issues/80
* Fix result_from_string for empty return valuesRobin Krahl2019-01-16
| | | | | | | | | | | An empty string returned from a libnitrokey function can either indicate an error or be a valid return value. Previously, we assumed that it indicates an error. But instead, we should check the last command status and use it to decide whether to return the empty string or an error code. This breaks the unit tests that assume that empty strings cause errors. These will be fixed in the next patches.
* Use rand_os for random data generationDaniel Mueller2019-01-14
| | | | | | | | | | | | The rand crate comes with a slew of dependencies to cover all sort of randomness related tasks in various scenarios. However, this crate really only requires a tiny subset of this functionality. As it turns out, this core functionality is provided by the rand_os crate. This change drops the dependency to rand in favor of rand_os. In order to accomplish that, it brings back the RngError variant for the CommandError enum to capture the possibility of the creation of the random number generator failing.
* Add the clear_new_sd_card_warning method to StorageRobin Krahl2019-01-14
| | | | | | The clear_new_sd_card_warning method calls the libnitrokey NK_clear_new_sd_card_warning function to reset the corresponding flag in the Storage status.
* Add the get_production_info method to the Storage structRobin Krahl2019-01-14
| | | | | | | | | | | The get_production_info method maps to the NK_get_production_info function of libnitrokey. The Storage firmware supports two query modes: with or without a write test. libnitrokey only performs the query without write test, so the fields that are only set for the write test are ignored in our implementation. This affects: - user and admin retry counts - smart card ID - SD card size
* Release v0.3.2v0.3.2Robin Krahl2019-01-12
|