|  | Commit message | Author | Age | 
|---|
| | When enabled, the password safe can be used without authentication.  The
lock device can be used to lock the password safe.  Currently,
PasswordSafe::drop calls this command to make sure that other
applications cannot access the password safe without authentication.
On the Nitrokey Storage, locking the device may also disable the
encrypted or hidden volume.  As using the password safe should not have
side effects on the storage volumes, this patch removes the call to the
lock device command from the Drop implementation.  Instead, the user
should call this method after making sure that it does not have side
effects.
A feature request for a command that only locks the password safe
without side effects is submitted to the Nitrokey Storage firmware
repository:
	https://github.com/Nitrokey/nitrokey-storage-firmware/issues/65 | 
| | This patch adds support for the commands to enable or disable the
encrypted volume on the Nitrokey Storage.  To test these commands, the
output of lsblk is parsed for the device model “Nitrokey Storage”.  This
is not perfect but seems to be the best solution for automated testing.
As the effect of enabling and disabling volumes is not immediate, a
delay of two seconds is added to the tests before checking lsblk.  This
is sufficient on my machine, yet it would be better to have a portable
version of this check.
This patch also adds a lock method to Device that executes the
lock_device command.  This command was previously only used to close the
password safe.  On the Nitrokey Storage, it also disables the encrypted
and hidden volume. | 
| | The current Nitrokey Storage firmware does not support timestamps that
do not fit into an unsigned integer.  Therefore, the tests totp_pin and
totp_no_pin are restricted to 32-bit timestamps.  New tests totp_pin_64
and totp_no_pin_64 are introduced for 64-bit timestamps.  These are
expected to panic for the Nitrokey Storage. | 
| | The firmware version is too volatile to restrict it to certain values.
Therefore, we only check that there is a non-zero version number instead
of expecting specific values. | 
| | By calling NK_lock_device when dropping a PasswordSafe instance, we can
make sure that the password safe cannot be reused without
authentication. | 
| | Instead of wrapping an owned Device instance, PasswordSafe now only
requires a reference to a Device.  The lifetime parameter makes sure
that the device lives at least as long as the password safe.  Using a
reference instead of an owned device allows us to implement Drop on
PasswordSafe to make sure that the password safe is disabled once it is
destructed. | 
| | While 30 seconds is the default time step for TOTP, arbitrary values are
possible.  Yet the RFC does only provide test cases for the default time
window.  This patch adds tests where these test cases are applied for a
time window of 60 seconds (if both the current time and the time window
double, the resulting TOTP code is the same). | 
| | A password safe (PWS) stores names, logins and passwords in slots.  PWS
are supported both by the Nitrokey Pro and the Nitrokey Storage.  They
are implemented as a struct wrapping a device as the device may not be
disconnected while the password safe is alive.  The creation of a
password safe is handled by the GetPasswordSafe trait, implemented by
DeviceWrapper, Pro and Storage. | 
| | This patch adds the Storage struct and the test-storage feature.  It
also enables all currently supported Pro commands for the Storage. | 
| | For DeviceWrapper, the traits GenerateOtp and Device are now directly
implemented instead of complicated template implementations.  For User
and Admin, the wrapper implementations are replaced with an
implementation of the Deref trait for easier access. | 
| | The set_time operation is only used with TOTP generation.  Therefore it
makes more sense to have it in the GenerateOtp trait than in the Device
trait. | 
| | DeviceWrapper abstracts over the supported devices.  It implements the
traits that are implemented by all supported devices.  The previous
UnauthenticatedDevice is renamed to Pro to prepare Storage support.
connect_model is moved to Pro::connect. | 
| | Since libnitrokey v3.3, libnitrokey no longer has debugging output enabled
per default.  Therefore, a corresponding note can be removed from the
crate documentation and the set_debug calls can be removed from the
tests. | 
| | In future versions, we want to support not only the Nitrokey Pro, but
also the Nitrokey Storage.  This requires a better code layout.  This
patch introduces two main changes:
First, the OTP-specific methods are moved from the Device trait and the
AdminAuthenticatedDevice struct to the functionality-based traits
ConfigureOtp and GenerateOtp.  This will hopefully make it easier to
integrate the Nitrokey Storage.
Secondly, the code is split into separate modules.  These modules are
currently all private and re-exported in the lib module, but we can
consider making them public in the future. | 
| | As Drop is only implemented for UnauthenticatedDevice, it is relevant to
test whether it also works if we work on authenticated devices. | 
| | Previously, the user had to explicitly call disconnect() to terminate the
connection to the Nitrokey.  Now NK_logout() is called automatically
once the device is out of scope as UnauthenticatedDevice implements
Drop.  AdminAuthenticatedDevice and UserAuthenticatedDevice do not have
to implement Drop, as it will be called recursively. | 
| | In a previous commit, we changed get_string_result to only free the
string if the operation was successful.  Therefore we can re-enable the
tests in hotp_pin and totp_pin that cause failing OTP code generation
commands. | 
| | While the Nitrokey device would generate a WrongSlot error, libnitrokey
catches these errors and raises an InvalidSlotException with error code
201.  This patch matches this error code to CommandError::InvalidSlot,
corrects the documentation and adds test cases.
To be able to test a failing OTP generation command, we have to adapt
get_string_result to free the string only if successful.  This is due to
the segfault issue in libnitrokey v3.3 (see todo list). | 
| | Since libnitrokey v3.3, we can also access the minor firmware version. | 
| | Now libnitrokey v3.3 is compiled from source, fixing the problems with
older libnitrokey versions (freeing strings, firmware version getter).
Also, bindgen is no longer a build dependency.  This makes the build
process a lot faster. | 