| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, we silently cut off temporary passwords that contained a
null byte. With the change to CString, we returned a LibraryError
instead. With this patch, we change to generate_password function to
continue generating passwords until we have a password without a null
byte.
The chance of generating a password with a null byte is ca. 10 % for our
temporary password with 25 characters. Therefore the chance of having
to re-generate the password multiple times is low enough that we don’t
bother with re-generating only the null bytes of the password for the
time being. This should be improved in the future.
|
| |
|
|
|
|
|
|
| |
With commit f49e61589e32217f97c94aa86d826f6b65170fba, we changed the
GetPasswordSafe::get_password_safe to take a mutable reference to a
device. This makes sure that we cannot have two PWS instances for one
device at the same time, so we can drop the corresponding item from the
todo list.
|
| |
|
|
|
|
|
|
| |
This patch adds support for libnitrokey’s
NK_fill_SD_card_with_random_data function. It is executed by the
fill_sd_card function of the Storage struct. We also add a new test
case that is set to ignore because it takes between 30 and 60 minutes to
run.
|
| |
|
|
|
|
|
| |
This patch adds support for the NK_get_progress_bar_value function: It
adds the OperationStatus enum that stores the return value of this
command and adds the get_operation_status function to the Storage struct
that executes the command.
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch removes two items from the todo list:
- Check timing in Storage tests: Since we introduced the two seconds
timeout, no test failed due to timing issues. There is nothing we can
do to check it more precisely, so we just have to live with it for
now.
- Consider restructuring `device::StorageStatus`: We already have
structs for the volume status and firmware version. There is no need
to extract more fields.
|
| |
|
|
|
|
| |
This patch adds support for the NK_get_SD_usage_data function. It
returns a range of the SD card that has not been accessed during this
power cycle.
|
| |
|
|
|
|
|
| |
In the last patch, we added the get_status function to the Device trait.
This patch renames the Storage::get_status function to
get_storage_status to resolve the name clash – though allowed by the
compiler, it is rather confusing for the end user.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds support for the GET_STATUS command that returns the
status information common to all Nitrokey devices. It can be accessed
using the Device::get_status function and is stored in a Status struct.
Due to a bug in the Storage firmware [0], the GET_STATUS command returns
wrong firmware versions and serial numbers. Until this is fixed in
libnitrokey [1], we have to manually execute the GET_DEVICE_STATUS
command to fix these values for the Nitrokey Storage.
Also, this leads to a name clash with the existing Storage::get_status
function, which will be renamed in an upcoming patch.
[0] https://github.com/Nitrokey/nitrokey-storage-firmware/issues/96
[1] https://github.com/Nitrokey/libnitrokey/issues/166
|
| |
|
|
|
|
| |
This patch adds the connect_path function to the Manager struct that
uses NK_connect_with_path to connect to a Nitrokey device at a given USB
path.
|
| |
|
|
|
|
|
| |
This patch adds support for libnitrokey’s NK_list_devices function by
introducing the top-level list_devices function. It returns a vector of
DeviceInfo structs with information about all connected Nitrokey
devices.
|
| |
|
|
|
|
|
| |
After some more research, I decided not to implement some of the methods
provided by libnitrokey. This patch adds them to the list of
unsupported functions in the readme, and removes them from the list of
unimplemented functions in the todo list.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch updates the list of unsupported functions in the README and
the TODO and the list of functions changed in the libnitrokey 3.5
release:
- List all `*_as_string` functions as unsupported.
- List deprecated functions as unsupported.
- List `NK_read_HOTP_slot` as unsupported until an equivalent function
for TOTP exists.
- Ignore the changes to `NK_get_progress_bar_value` as the function is
not yet used by `nitrokey-rs`.
- Add the new functions from version 3.5 to the list of missing
functions.
|
| |
|
|
|
|
|
|
|
| |
As the return type of the NK_get_{major,minor}_firmware_version methods
changed with libnitrokey 3.5, we also have to adapt our
get_firmware_version function in device.rs.
This patch also updates the changelog and the todo list with the changes
caused by the new libnitrokey version.
|
| |
|
|
| |
This reverts commit 13006c00dcbd570cf8347d89557834e320427377.
|
| |
|
|
|
|
|
|
|
| |
The current implementation of PasswordSafe stored a normal reference to
the Device. This patch changes the PasswordSafe struct to use a mutable
reference instead. This allows the borrow checker to make sure that
there is only one PasswordSafe instance at a time. While this is
currently not needed, it will become important once we can lock the PWS
on the Nitrokey when dropping the PasswordSafe instance.
|
| |
|
|
|
|
| |
The TOTP test with the timestamp 59 often fails as the Nitrokey’s clock
ticks between setting the time and generating the TOTP code. This patch
also allows the TOTP code for timestamp 60 for this test case.
|
| |
|
|
|
|
|
| |
This patch adds license and copyright information to all files to make
nitrokey-rs compliant with the REUSE practices [0].
[0] https://reuse.software/practices/2.0/
|
| | |
|
| |
|
|
|
|
| |
Not all users of the authenticate methods want to use the device after
an error, so implementing From<(T: Device, Error)> for Error makes it
easier for them to discard the device.
|
| |
|
|
|
|
| |
Numeric casting might truncate an integer, while into() is only
implemented for numeric types if the cast is possible without
truncation.
|
| |
|
|
|
|
| |
The Pro and Storage structs may only be created using the connect
functions. This patch adds a private PhantomData field to the structs
to ensure that the compiler does not allow direct instantiation.
|
| |
|
|
|
|
|
|
|
|
| |
If possible, check specific error codes instead of `is_err()`. This
makes the code more readable and catches bugs resulting in the wrong
error code. Also, using the assert_*_err and assert_ok macros yields
error messages containing the expected and the actual value.
To be able to use these macros with the `get_password_safe` method, we
also have to implement `Debug` for `PasswordSafe` and `Device`.
|
| |
|
|
|
|
| |
NK_is_AES_supported is not needed for newer firmware versions of the Pro
and Storage, see this discussion for more information:
https://github.com/Nitrokey/libnitrokey/issues/142
|
| |
|
|
|
|
|
|
|
|
|
| |
An empty string returned from a libnitrokey function can either indicate
an error or be a valid return value. Previously, we assumed that it
indicates an error. But instead, we should check the last command
status and use it to decide whether to return the empty string or an
error code.
This breaks the unit tests that assume that empty strings cause errors.
These will be fixed in the next patches.
|
| |
|
|
|
|
| |
The clear_new_sd_card_warning method calls the libnitrokey
NK_clear_new_sd_card_warning function to reset the corresponding flag in
the Storage status.
|
| |
|
|
|
|
|
|
|
|
|
| |
The get_production_info method maps to the NK_get_production_info
function of libnitrokey. The Storage firmware supports two query modes:
with or without a write test. libnitrokey only performs the query
without write test, so the fields that are only set for the write test
are ignored in our implementation. This affects:
- user and admin retry counts
- smart card ID
- SD card size
|
| |
|
|
|
|
|
| |
The export_firmware method writes the firmware of the Nitrokey Storage
to the unencrypted storage. We only test that the command succeeds as
mounting the unencrypted storage and accessing the file is out of scope
for the tests.
|
| |
|
|
|
|
|
|
|
|
| |
We do not support old firmware versions on the Nitrokey Storage, so we
document that these outdated functions are not supported:
- NK_set_unencrypted_volume_rorw_pin_type_user
- NK_set_unencrypted_read_only
- NK_set_unencrypted_read_write
- NK_set_encrypted_read_only
- NK_set_encrypted_read_write
|
| |
|
|
|
|
|
|
|
|
| |
The new set_unencrypted_volume_mode method sets the access mode of the
unencrypted volume on the Nitrokey Storage. Depending on the requested
access mode, it calls either NK_set_unencrypted_read_only_admin or
NK_set_unencrypted_read_write_admin.
Note that this function requires firmware version 0.51 or later.
(Earlier firmware versions used the user PIN.)
|
| | |
|
| |
|
|
|
|
| |
This patch adds the wink method to the Storage struct that lets the
Nitrokey device blink until reconnected. We do not test this method as
it does not change the state that we can observe.
|
| |
|
|
|
|
|
| |
This patch adds the get_library_version function to the main library
module that queries and returns the libnitrokey version. As the version
fields are static values, we fetch them all at the same time and do not
provide getters for the individual fields.
|
| |
|
|
|
|
|
|
|
|
| |
This patch introduces the methods enable_hidden_volume,
disable_hidden_volume and create_hidden_volume for the Storage struct to
support the hidden volumes on the Nitrokey Storage. The enable and
create methods require that the encrypted storage has been enabled.
Contrary to authentication and password safe access, we do not enforce
this requirement in the API as file system operations could have
unwanted side effects and should not performed implicitly.
|
| |
|
|
|
|
|
|
| |
This patch adds the enable_firmware_update method to the Storage struct
that uses NK_enable_firmware_update to put the Nitrokey Storage into
update mode. This method is not tested as external tooling is required
to resume normal operation and as it is hard to bail out if an error
occurs.
|
| |
|
|
|
|
|
|
| |
This patch adds the build_aes_key method to the Device trait that uses
the NK_build_aes_key function to build new AES keys on the device. This
effectively resets the password safe and the encrypted storage. It is
unclear whether other data (e. g. the one-time passwords) are affected
too.
|
| |
|
|
|
|
|
| |
This patch adds the factory_reset_method to the Device trait that uses
the NK_factory_reset function to perform a factory reset. The tests
verify that the user and admin PIN are reset and that the OTP storage
and the password safe are deleted.
|
| |
|
|
|
|
| |
This patch adds the change_update_pin method to the Storage struct that
uses the NK_change_update_password function to set the password required
for firmware updates.
|
| |
|
|
|
|
|
|
| |
This patch adds the force argument to the set_time method in the
ConfigureOtp trait that allows the user to choose whether jumps to the
past are allowed when updating the time. It is implemented by using the
NK_totp_set_time_soft function. Previously, jumps where unconditionally
allowed.
|
| |
|
|
|
|
| |
This patch adds a `get_status` method to the `Storage` structure. The
returned structure `StorageStatus` is based on the structure provided by
libnitrokey.
|
| |
|
|
|
|
|
| |
As connect() now returns DeviceWrappers of the correct type, this patch
adds an example to the DeviceWrapper documentation that shows how to use
type conditions, i. e. how to execute a command only for Nitrokey
Storage devices.
|
| |
|
|
|
|
| |
This patch fixes the generic connect() method to return a DeviceWrapper
of the correct type. This is enabled by the NK_get_device_model()
method introduced in libnitrokey v3.4.
|
| |
|
|
|
|
|
|
| |
Old libnitrokey versions could return pointers to both statically and
dynamically allocated strings for functions that return strings. This
has been fixed in libnitrokey commit 7a8550d (included in v3.4). This
patch removes the old workaround and always frees the return value of
functions returning a string pointer.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When enabled, the password safe can be used without authentication. The
lock device can be used to lock the password safe. Currently,
PasswordSafe::drop calls this command to make sure that other
applications cannot access the password safe without authentication.
On the Nitrokey Storage, locking the device may also disable the
encrypted or hidden volume. As using the password safe should not have
side effects on the storage volumes, this patch removes the call to the
lock device command from the Drop implementation. Instead, the user
should call this method after making sure that it does not have side
effects.
A feature request for a command that only locks the password safe
without side effects is submitted to the Nitrokey Storage firmware
repository:
https://github.com/Nitrokey/nitrokey-storage-firmware/issues/65
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds support for the commands to enable or disable the
encrypted volume on the Nitrokey Storage. To test these commands, the
output of lsblk is parsed for the device model “Nitrokey Storage”. This
is not perfect but seems to be the best solution for automated testing.
As the effect of enabling and disabling volumes is not immediate, a
delay of two seconds is added to the tests before checking lsblk. This
is sufficient on my machine, yet it would be better to have a portable
version of this check.
This patch also adds a lock method to Device that executes the
lock_device command. This command was previously only used to close the
password safe. On the Nitrokey Storage, it also disables the encrypted
and hidden volume.
|
| |
|
|
|
|
| |
By calling NK_lock_device when dropping a PasswordSafe instance, we can
make sure that the password safe cannot be reused without
authentication.
|
| |
|
|
|
|
| |
Implementing Into<CommandError> for (Device, CommandError) might allow a
user to use the ? operator on methods like authenticate_user within a
method returning a CommandError.
|
| |
|
|
|
|
|
|
| |
While 30 seconds is the default time step for TOTP, arbitrary values are
possible. Yet the RFC does only provide test cases for the default time
window. This patch adds tests where these test cases are applied for a
time window of 60 seconds (if both the current time and the time window
double, the resulting TOTP code is the same).
|
| | |
|
