| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
| |
To enable applications like nitrokey-test to go back to a manager
instance from a Device instance, we add the into_manager function to the
Device trait. To do that, we have to keep track of the Manager’s
lifetime by adding a lifetime to Device (and then to some other traits
that use Device).
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the last patches, we ensured that devices can only be obtained using
the Manager struct. But we did not ensure that there is only one device
at a time. This patch adds a mutable reference to the Manager instance
to the Device implementations. The borrow checker makes sure that there
is only one mutable reference at a time.
In this patch, we have to remove the old connect, Pro::connect and
Storage::connect functions as they do no longer compile. (They discard
the MutexGuard which invalidates the reference to the Manager.)
Therefore the tests do no longer compile.
|
|
|
|
| |
This reverts commit 13006c00dcbd570cf8347d89557834e320427377.
|
|
|
|
|
|
|
|
|
| |
The current implementation of PasswordSafe stored a normal reference to
the Device. This patch changes the PasswordSafe struct to use a mutable
reference instead. This allows the borrow checker to make sure that
there is only one PasswordSafe instance at a time. While this is
currently not needed, it will become important once we can lock the PWS
on the Nitrokey when dropping the PasswordSafe instance.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, all methods that access a Nitrokey device took a reference
to the device as input. This method changes methods that change the
device state to require a mutable reference instead. In most case,
this is straightforward as the method writes data to the device (for
example write_config or change_user_pin). But there are two edge cases:
- Authenticating with a PIN changes the device state as it may decrease
the PIN retry counter if the authentication fails.
- Generating an HOTP code changes the device state as it increases the
HOTP counter.
|
| |
|
|
|
|
|
|
|
| |
This patch adds license and copyright information to all files to make
nitrokey-rs compliant with the REUSE practices [0].
[0] https://reuse.software/practices/2.0/
|
|
|
|
|
|
|
| |
This includes:
- using idiomatic Rust
- limiting the scope of unsafe blocks
- simplifying code
|
|
|
|
|
|
|
|
|
|
| |
If possible, check specific error codes instead of `is_err()`. This
makes the code more readable and catches bugs resulting in the wrong
error code. Also, using the assert_*_err and assert_ok macros yields
error messages containing the expected and the actual value.
To be able to use these macros with the `get_password_safe` method, we
also have to implement `Debug` for `PasswordSafe` and `Device`.
|
|
|
|
|
|
| |
Previously, library errors were part of the CommandError enum. As
command errors and library errors are two different error types, they
should be split into two enums.
|
|
|
|
|
|
|
|
|
|
| |
This patch changes all public functions to return the Error enum instead
of the CommandError enum. This breaks the tests which will be fixed
with the next patch.
This patch also adds a placeholder variant Error::CommandError and a
placeholder enum CommandError to make the transition to a new
nitrokey-test version easier.
|
|
|
|
| |
This prepares the refactoring of util::CommandError into multiple enums.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Until the last commit, all empty strings returned by the library were
interepreted as errors. As the PWS functions return empty strings for
unprogrammed slots, the methods to access the PWS data returned an error
when querying a slot that is not programmed. Since the last commit,
they return an empty string instead.
This patch restores the old behavior by returning an error instead of an
empty string. Yet we change the error variant: SlotNotProgrammed
instead of Undefined.
|
|
|
|
|
|
|
|
| |
This patch adds the build_aes_key method to the Device trait that uses
the NK_build_aes_key function to build new AES keys on the device. This
effectively resets the password safe and the encrypted storage. It is
unclear whether other data (e. g. the one-time passwords) are affected
too.
|
|
|
|
|
|
| |
After a factory reset, the password safe cannot be accessed as its
secret cannot be decrypted. This patch improves the documentation for
GetPasswordSafe::get_password_safe to reflect this behavior.
|
| |
|
| |
|
|
|
|
|
|
| |
This patch changes use declarations for modules within this crate to use
the crate:: path qualifier. This will be mandatory in Rust edition
2018.
|
|
|
|
|
| |
This patch changes the type of trait objects from `Trait` to `dyn
Trait`. This fixes bare-trait-object compiler warnings.
|
|
|
|
|
| |
This patch makes hidden life time parameters explicit to fix
elided-lifetime-in-path compiler warnings.
|
|
|
|
|
| |
Most notably, for command errors, this will print a human-readable error
message instead of just the name of the enum.
|
|
|
|
|
|
| |
The new get_cstring method in util returns a Result<CString,
CommandError>, so mast callers can just use the ? operator to unwrap the
result instead of cumbersome unwrapping code.
|
|
|
|
|
|
| |
The Result enum is more idiomatic and easier to use than our custom
CommandStatus enum with the same structure. This is especially true for
the try operator ?.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When enabled, the password safe can be used without authentication. The
lock device can be used to lock the password safe. Currently,
PasswordSafe::drop calls this command to make sure that other
applications cannot access the password safe without authentication.
On the Nitrokey Storage, locking the device may also disable the
encrypted or hidden volume. As using the password safe should not have
side effects on the storage volumes, this patch removes the call to the
lock device command from the Drop implementation. Instead, the user
should call this method after making sure that it does not have side
effects.
A feature request for a command that only locks the password safe
without side effects is submitted to the Nitrokey Storage firmware
repository:
https://github.com/Nitrokey/nitrokey-storage-firmware/issues/65
|
|
|
|
|
|
| |
By calling NK_lock_device when dropping a PasswordSafe instance, we can
make sure that the password safe cannot be reused without
authentication.
|
|
|
|
|
|
|
|
|
| |
Instead of wrapping an owned Device instance, PasswordSafe now only
requires a reference to a Device. The lifetime parameter makes sure
that the device lives at least as long as the password safe. Using a
reference instead of an owned device allows us to implement Drop on
PasswordSafe to make sure that the password safe is disabled once it is
destructed.
|
|
A password safe (PWS) stores names, logins and passwords in slots. PWS
are supported both by the Nitrokey Pro and the Nitrokey Storage. They
are implemented as a struct wrapping a device as the device may not be
disconnected while the password safe is alive. The creation of a
password safe is handled by the GetPasswordSafe trait, implemented by
DeviceWrapper, Pro and Storage.
|