The util module provides helper methods to deal with the C strings
returned by libnitrokey. The current implementation has two problems:
- It causes unnecessary allocations if we only want to look at the
string, for example in get_serial_number.
- If the conversion from a CStr to a String fails, the string pointer
is not freed.
Therefore this patch introduces the run_with_str function that executes
a function with the string returned by libnitrokey and then makes sure
that the pointer is freed correctly.
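The pattern this commit describes, written out as an added example that is not nitrokey-rs code: a `run_with_str` helper that hands the borrowed string to a closure and frees the pointer on every path, including when the UTF-8 conversion fails. The names `nk_get_string`, `nk_free_string`, the `FREED` counter and the `Error` variants are this example's own stand-ins for the libnitrokey calls and the crate's error type; the simulated library allocates with `CString::into_raw` so the example runs offline.

```rust
use std::ffi::{CStr, CString};
use std::os::raw::c_char;
use std::sync::atomic::{AtomicUsize, Ordering};

/// Number of buffers released through nk_free_string, so the example can
/// verify that every pointer is freed exactly once (constructed bookkeeping).
static FREED: AtomicUsize = AtomicUsize::new(0);

/// Stand-in for a libnitrokey getter that returns a string: it allocates a
/// C string and hands ownership of the buffer to the caller. This is a
/// simulation, not the real library.
fn nk_get_string(bytes: &[u8]) -> *mut c_char {
    CString::new(bytes)
        .expect("the simulated library never embeds a NUL byte")
        .into_raw()
}

/// Stand-in for the library's free routine. Because the buffer came from
/// CString::into_raw, it is returned to Rust's allocator here; a real binding
/// would call the C library's own free function instead.
unsafe fn nk_free_string(ptr: *mut c_char) {
    drop(CString::from_raw(ptr));
    FREED.fetch_add(1, Ordering::SeqCst);
}

#[derive(Debug, PartialEq)]
enum Error {
    /// The library violated its contract (for example, returned a null pointer).
    UnexpectedError(String),
    /// The returned bytes were not valid UTF-8.
    Utf8Error(std::str::Utf8Error),
}

/// Run `f` on the string behind `ptr`, then free `ptr` regardless of whether
/// the UTF-8 conversion or `f` succeeded. The closure only sees a borrowed
/// &str, so callers that merely inspect the value pay for no extra allocation.
fn run_with_str<T>(
    ptr: *mut c_char,
    f: impl FnOnce(&str) -> Result<T, Error>,
) -> Result<T, Error> {
    if ptr.is_null() {
        return Err(Error::UnexpectedError("string pointer is null".to_string()));
    }
    // SAFETY: ptr is non-null and points at a NUL-terminated buffer that stays
    // alive until nk_free_string below.
    let cstr = unsafe { CStr::from_ptr(ptr) };
    let result = cstr.to_str().map_err(Error::Utf8Error).and_then(f);
    // SAFETY: ptr came from nk_get_string and is released exactly once, on
    // every path, after the last use of `cstr`.
    unsafe { nk_free_string(ptr) };
    result
}

/// Borrow-only caller: compares the serial number without copying it.
fn serial_matches(expected: &str, raw: &[u8]) -> Result<bool, Error> {
    run_with_str(nk_get_string(raw), |s| Ok(s == expected))
}

/// Owning caller: copies the value inside the closure only when it is needed.
fn serial_owned(raw: &[u8]) -> Result<String, Error> {
    run_with_str(nk_get_string(raw), |s| Ok(s.to_owned()))
}

/// Buffers released so far (used by the example's checks).
fn freed_count() -> usize {
    FREED.load(Ordering::SeqCst)
}

fn main() {
    println!("{:?}", serial_matches("0001", b"0001"));
    println!("{:?}", serial_owned(b"\xff\xfe"));
    println!("freed {} buffers", freed_count());
}
```

The closure cannot smuggle the borrowed `&str` out, because the return type `T` is fixed independently of the string's lifetime; anything the caller wants to keep has to be copied inside the closure, which is exactly the allocation the borrow-only callers avoid.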
Previously, we silently cut off temporary passwords that contained a
null byte. With the change to CString, we returned a LibraryError
instead. With this patch, we change the generate_password function to
continue generating passwords until we have a password without a null
byte.
The chance of generating a password with a null byte is ca. 10 % for our
temporary password with 25 characters. Therefore the chance of having
to re-generate the password multiple times is low enough that we don’t
bother with re-generating only the null bytes of the password for the
time being. This should be improved in the future.
This patch changes the generate_password function and the User and Admin
structs to use a CString instead of a Vec<u8> when storing temporary
passwords. This makes sure that the strings that are passed to the C
API are properly null-terminated.
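An added example (not the crate's own code) covering this entry and the one above it: temporary passwords are built as a `CString`, so they are NUL-terminated when handed to the C API, and the whole password is regenerated whenever `CString::new` rejects an interior NUL byte. The byte source is injected as a closure so the retry can be checked deterministically; `DemoRng` is a constructed xorshift generator that only exists so the example runs offline, and a real binding would draw bytes from an OS-backed RNG such as `OsRng` instead.

```rust
use std::ffi::CString;

/// Length of the temporary password, as in the description above.
const TEMP_PASSWORD_LENGTH: usize = 25;

/// Probability that a uniformly random password of `len` bytes contains at
/// least one NUL byte: 1 - (255/256)^len. For 25 bytes this is about 9.3 %.
fn nul_probability(len: usize) -> f64 {
    1.0 - (255.0_f64 / 256.0).powi(len as i32)
}

/// Build a temporary password from `next_byte`, retrying whole passwords until
/// one contains no NUL byte. Returns the password and the number of attempts.
fn generate_password(len: usize, mut next_byte: impl FnMut() -> u8) -> (CString, usize) {
    let mut attempts = 0;
    loop {
        attempts += 1;
        let bytes: Vec<u8> = (0..len).map(|_| next_byte()).collect();
        // CString::new fails on an interior NUL, which is exactly the case
        // that used to be silently truncated; regenerate instead.
        match CString::new(bytes) {
            Ok(password) => return (password, attempts),
            Err(_nul_error) => continue,
        }
    }
}

/// Minimal xorshift64 generator, constructed for this example only. It is not
/// cryptographically secure and stands in for an OS entropy source.
struct DemoRng(u64);

impl DemoRng {
    fn next_byte(&mut self) -> u8 {
        let mut x = self.0;
        x ^= x << 13;
        x ^= x >> 7;
        x ^= x << 17;
        self.0 = x;
        (x >> 56) as u8
    }
}

/// Generate one password with the demo generator.
fn demo_password() -> CString {
    let mut rng = DemoRng(0x9E37_79B9_7F4A_7C15);
    generate_password(TEMP_PASSWORD_LENGTH, || rng.next_byte()).0
}

fn main() {
    let pw = demo_password();
    println!("{} bytes plus NUL terminator", pw.as_bytes().len());
    println!("P(NUL in password) = {:.3}", nul_probability(TEMP_PASSWORD_LENGTH));
}
```

Because `CString` owns the terminator, `as_ptr()` on it yields a buffer the C side can read to its end; a `Vec<u8>` offers no such guarantee.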
To make debugging of unexpected errors easier, this patch adds an
associated String value with a description of the unexpected behavior to
the UnexpectedError variant of the Error enum.
rand_os::OsRng has been deprecated. Instead we can use rand_core with
the getrandom feature.
This patch updates the rand_core dependency to version 0.5 and the
rand_os dependency to version 0.2. This causes a change in util.rs:
Instead of constructing an OsRng instance using OsRng::new(), we can
directly instantiate the (now empty) struct.
Previously, we sometimes returned a value without wrapping it in a
result if the API method did not indicate errors in the return value.
But we can detect errors using the NK_get_last_command_status function.
This patch changes the return types of these methods to Result<_, Error>
and adds error checks.
To avoid unnecessary function calls, we replace the or with an or_else
in get_cstring.
rand_core does not have a stable release yet, and it is unlikely that
there will be one soon. To be able to stabilize nitrokey without
waiting for a stable rand_core version, we remove the rand_core::Error
type from the public API and replace it with a Box<dyn error::Error>.
This patch adds license and copyright information to all files to make
nitrokey-rs compliant with the REUSE practices [0].
[0] https://reuse.software/practices/2.0/
Previously, we used lossy UTF-8 conversion. Yet the user should be
notified if we have a problem instead of silently changing the data.
Therefore, we now return an error if we encounter an invalid UTF-8
string. This leads to a change in `get_library_version`’s signature.
This includes:
- using idiomatic Rust
- limiting the scope of unsafe blocks
- simplifying code
Numeric casting might truncate an integer, while into() is only
implemented for numeric types if the cast is possible without
truncation.
The UnexpectedError variant is used when a libnitrokey function returns
a value that violates the function’s contract, for example if a function
returns a null pointer although it guarantees to never return null.
Previously, we returned a CommandError::Unspecified in these cases.
Previously, library errors were part of the CommandError enum. As
command errors and library errors are two different error types, they
should be split into two enums.
An error code can not only indicate a command error, but also a library
or device communication error. Therefore, the variant for an unknown
error code should be placed in the top-level Error enum instead of the
CommandError enum.
We reserve CommandError for errors returned by the Nitrokey device.
Errors during random number generation should have their own type.
This patch changes all public functions to return the Error enum instead
of the CommandError enum. This breaks the tests which will be fixed
with the next patch.
This patch also adds a placeholder variant Error::CommandError and a
placeholder enum CommandError to make the transition to a new
nitrokey-test version easier.
This prepares the refactoring of util::CommandError into multiple enums.
An empty string returned from a libnitrokey function can either indicate
an error or be a valid return value. Previously, we assumed that it
indicates an error. But instead, we should check the last command
status and use it to decide whether to return the empty string or an
error code.
This breaks the unit tests that assume that empty strings cause errors.
These will be fixed in the next patches.
The rand crate comes with a slew of dependencies to cover all sorts of
randomness related tasks in various scenarios. However, this crate
really only requires a tiny subset of this functionality. As it turns
out, this core functionality is provided by the rand_os crate.
This change drops the dependency to rand in favor of rand_os. In order
to accomplish that, it brings back the RngError variant for the
CommandError enum to capture the possibility of the creation of the
random number generator failing.
Three more error codes are defined in libnitrokey but currently reported
as the CommandError::Unknown variant:
- 200: representing a string that exceeds a limit
- 202: indicating a string that is not in hexadecimal format when it
  should be
- 203: suggesting that the target buffer is smaller than the source
  buffer and, hence, too small
This change introduces the CommandError variants StringTooLong,
InvalidHexString and TargetBufferTooSmall, respectively, representing
those errors.
The CommandError::Unknown variant, which is used whenever a reported
error code is not known, makes it close to impossible to determine the
root cause of, say, a one-off error, because all information explaining
what went wrong is discarded.
With this change we adjust the Unknown variant to include the error
report. In addition, we introduce a new CommandError variant, Undefined,
that is used when no error code is available.
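An added example, not code from nitrokey-rs, that ties together several of the entries in this log: the status code reported after a call decides whether an empty string is a value or a failure, the known codes 200, 202 and 203 map to `CommandError` variants, an unknown code is kept in the error instead of being discarded, and `CommandError` gets a `Display` implementation. `MockDevice`, its method names, the `u32` code type and the `UnexpectedError`/`UnknownError` variant names are this example's assumptions standing in for libnitrokey's `NK_get_last_command_status` and the crate's real enums.

```rust
use std::fmt;

/// Status codes libnitrokey reports for these command errors (from the
/// entries above); representing them as u32 is this example's assumption.
const CODE_STRING_TOO_LONG: u32 = 200;
const CODE_INVALID_HEX_STRING: u32 = 202;
const CODE_TARGET_BUFFER_TOO_SMALL: u32 = 203;

/// Errors reported by the Nitrokey device itself. Scalar, hence Clone + Copy.
#[derive(Clone, Copy, Debug, PartialEq)]
enum CommandError {
    StringTooLong,
    InvalidHexString,
    TargetBufferTooSmall,
}

/// Human-readable messages intended for display to the user.
impl fmt::Display for CommandError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        let msg = match self {
            CommandError::StringTooLong => "the supplied string is too long",
            CommandError::InvalidHexString => "the supplied string is not in hexadecimal format",
            CommandError::TargetBufferTooSmall => "the target buffer is too small",
        };
        f.write_str(msg)
    }
}

/// Top-level error: device command errors, contract violations and unknown
/// codes live in separate variants instead of one flat enum.
#[derive(Debug, PartialEq)]
enum Error {
    CommandError(CommandError),
    /// The library violated its contract; the String describes what happened.
    UnexpectedError(String),
    /// A status code this binding does not know; the code is kept so that a
    /// one-off failure can still be diagnosed.
    UnknownError(u32),
}

impl From<u32> for Error {
    fn from(code: u32) -> Error {
        match code {
            CODE_STRING_TOO_LONG => Error::CommandError(CommandError::StringTooLong),
            CODE_INVALID_HEX_STRING => Error::CommandError(CommandError::InvalidHexString),
            CODE_TARGET_BUFFER_TOO_SMALL => Error::CommandError(CommandError::TargetBufferTooSmall),
            other => Error::UnknownError(other),
        }
    }
}

/// Constructed stand-in for the device: the string a getter returns plus the
/// status code the last-command-status query reports afterwards (0 = success).
struct MockDevice {
    label: &'static str,
    last_status: u32,
}

impl MockDevice {
    fn nk_get_last_command_status(&self) -> u32 {
        self.last_status
    }
    fn nk_get_label(&self) -> &'static str {
        self.label
    }
}

/// Map the last command status to Ok(()) or the matching Error.
fn check_last_status(dev: &MockDevice) -> Result<(), Error> {
    match dev.nk_get_last_command_status() {
        0 => Ok(()),
        code => Err(Error::from(code)),
    }
}

/// An empty string is only an error if the device says so: consult the status
/// instead of assuming that "" means failure.
fn get_label(dev: &MockDevice) -> Result<String, Error> {
    let label = dev.nk_get_label();
    check_last_status(dev).map(|()| label.to_string())
}

/// Report a contract violation (for example a null pointer) as UnexpectedError.
fn require_non_empty(dev: &MockDevice) -> Result<String, Error> {
    match get_label(dev)? {
        s if s.is_empty() => Err(Error::UnexpectedError("label is unexpectedly empty".to_string())),
        s => Ok(s),
    }
}

fn main() {
    let dev = MockDevice { label: "", last_status: 0 };
    println!("{:?}", get_label(&dev));
    println!("{}", CommandError::StringTooLong);
}
```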
We switched to rand::thread_rng() which cannot fail. Therefore the
CommandError::RngError is no longer needed and removed in this patch.
As these three enums are scalar values, this patch derives the Clone and
Copy traits for them. This should avoid unnecessary allocations and
reduce the memory footprint.
This patch updates the rand dependency to version 0.6. It also replaces
the OsRng, which is guaranteed to use OS/hardware entropy, with the
thread_rng, which is likely to use OS/hardware entropy as a seed. The
choice of RNG and the handling of password should be reviewed at a later
point.
This patch makes hidden lifetime parameters explicit to fix
elided-lifetime-in-path compiler warnings.
Old libnitrokey versions could return pointers to both statically and
dynamically allocated strings for functions that return strings. This
has been fixed in libnitrokey commit 7a8550d (included in v3.4). This
patch removes the old workaround and always frees the return value of
functions returning a string pointer.
The std::fmt::Display implementation provides a human-readable error
message for a CommandError. It is intended to be used in error
messages displayed to the user.
The new get_cstring method in util returns a Result<CString,
CommandError>, so most callers can just use the ? operator to unwrap the
result instead of cumbersome unwrapping code.
The Result enum is more idiomatic and easier to use than our custom
CommandStatus enum with the same structure. This is especially true for
the try operator ?.
This patch adds the Storage struct and the test-storage feature. It
also enables all currently supported Pro commands for the Storage.
Now, the documentation clearly states the purpose of each log level.
Also, the documentation for set_log_level is corrected: libnitrokey
always prints to stderr.
In future versions, we want to support not only the Nitrokey Pro, but
also the Nitrokey Storage. This requires a better code layout. This
patch introduces two main changes:
First, the OTP-specific methods are moved from the Device trait and the
AdminAuthenticatedDevice struct to the functionality-based traits
ConfigureOtp and GenerateOtp. This will hopefully make it easier to
integrate the Nitrokey Storage.
Secondly, the code is split into separate modules. These modules are
currently all private and re-exported in the lib module, but we can
consider making them public in the future.