aboutsummaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAge
* Implement easier CString creationRobin Krahl2018-06-07
| | | | | | The new get_cstring method in util returns a Result<CString, CommandError>, so mast callers can just use the ? operator to unwrap the result instead of cumbersome unwrapping code.
* Use Result<(), CommandError> instead of CommandStatusRobin Krahl2018-06-07
| | | | | | The Result enum is more idiomatic and easier to use than our custom CommandStatus enum with the same structure. This is especially true for the try operator ?.
* Use Storage struct for Storage-specific testsRobin Krahl2018-06-07
|
* Remove NK_lock_device call from PasswordSafe::dropRobin Krahl2018-06-07
| | | | | | | | | | | | | | | | | | | When enabled, the password safe can be used without authentication. The lock device can be used to lock the password safe. Currently, PasswordSafe::drop calls this command to make sure that other applications cannot access the password safe without authentication. On the Nitrokey Storage, locking the device may also disable the encrypted or hidden volume. As using the password safe should not have side effects on the storage volumes, this patch removes the call to the lock device command from the Drop implementation. Instead, the user should call this method after making sure that it does not have side effects. A feature request for a command that only locks the password safe without side effects is submitted to the Nitrokey Storage firmware repository: https://github.com/Nitrokey/nitrokey-storage-firmware/issues/65
* Add support for encrypted volumeRobin Krahl2018-06-07
| | | | | | | | | | | | | | | | | This patch adds support for the commands to enable or disable the encrypted volume on the Nitrokey Storage. To test these commands, the output of lsblk is parsed for the device model “Nitrokey Storage”. This is not perfect but seems to be the best solution for automated testing. As the effect of enabling and disabling volumes is not immediate, a delay of two seconds is added to the tests before checking lsblk. This is sufficient on my machine, yet it would be better to have a portable version of this check. This patch also adds a lock method to Device that executes the lock_device command. This command was previously only used to close the password safe. On the Nitrokey Storage, it also disables the encrypted and hidden volume.
* Adapt TOTP test cases for Nitrokey StorageRobin Krahl2018-06-06
| | | | | | | | The current Nitrokey Storage firmware does not support timestamps that do not fit into an unsigned integer. Therefore, the tests totp_pin and totp_no_pin are restricted to 32-bit timestamps. New tests totp_pin_64 and totp_no_pin_64 are introduced for 64-bit timestamps. These are expected to panic for the Nitrokey Storage.
* Remove tests for specific firmware versionsRobin Krahl2018-06-06
| | | | | | The firmware version is too volatile to restrict it to certain values. Therefore, we only check that there is a non-zero version number instead of expecting specific values.
* Fix formatting in OTP test caseRobin Krahl2018-06-06
|
* Implement Drop for PasswordSafeRobin Krahl2018-06-05
| | | | | | By calling NK_lock_device when dropping a PasswordSafe instance, we can make sure that the password safe cannot be reused without authentication.
* Use a Device reference in PasswordSafeRobin Krahl2018-06-05
| | | | | | | | | Instead of wrapping an owned Device instance, PasswordSafe now only requires a reference to a Device. The lifetime parameter makes sure that the device lives at least as long as the password safe. Using a reference instead of an owned device allows us to implement Drop on PasswordSafe to make sure that the password safe is disabled once it is destructed.
* Add tests with different TOTP time windowsRobin Krahl2018-06-05
| | | | | | | | While 30 seconds is the default time step for TOTP, arbitrary values are possible. Yet the RFC does only provide test cases for the default time window. This patch adds tests where these test cases are applied for a time window of 60 seconds (if both the current time and the time window double, the resulting TOTP code is the same).
* Add support for unlock_user_password commandRobin Krahl2018-05-31
|
* Fix formatting issuesRobin Krahl2018-05-31
|
* Add test case for writing the HOTP counterRobin Krahl2018-05-30
|
* Fix implementation of Authenticate for DeviceWrapperRobin Krahl2018-05-29
| | | | | | Previously, the Authenticate implementation for DeviceWrapper paniced if the wrapped device is a Nitrokey Storage. This patch implements authentication for wrapped Storage devices.
* Add Authenticate to the common traits extended by DeviceRobin Krahl2018-05-29
| | | | | Authenticate is supported by both the Nitrokey Pro and the Nitrokey Storage. Therefore Device should extend it.
* Fix message for Nitrokey connection in tests/otp.rsRobin Krahl2018-05-29
|
* Add support for password safesRobin Krahl2018-05-29
| | | | | | | | | A password safe (PWS) stores names, logins and passwords in slots. PWS are supported both by the Nitrokey Pro and the Nitrokey Storage. They are implemented as a struct wrapping a device as the device may not be disconnected while the password safe is alive. The creation of a password safe is handled by the GetPasswordSafe trait, implemented by DeviceWrapper, Pro and Storage.
* Add rudimentary support for the Nitrokey StorageRobin Krahl2018-05-29
| | | | | This patch adds the Storage struct and the test-storage feature. It also enables all currently supported Pro commands for the Storage.
* Group tests by tested functionalityRobin Krahl2018-05-28
|
* Move Admin, User and Authenticate to auth moduleRobin Krahl2018-05-28
|
* Restructure trait implementations for wrappersRobin Krahl2018-05-28
| | | | | | | For DeviceWrapper, the traits GenerateOtp and Device are now directly implemented instead of complicated template implementations. For User and Admin, the wrapper implementations are replaced with an implementation of the Deref trait for easier access.
* Move set_time from Device to GenerateOtpRobin Krahl2018-05-28
| | | | | | The set_time operation is only used with TOTP generation. Therefore it makes more sense to have it in the GenerateOtp trait than in the Device trait.
* Remove duplicated documentation commentRobin Krahl2018-05-28
| | | | | | The defnition of the ConfigureOtp trait already contains documentation comments, therefore the comments in the implementation for User<T> can be removed.
* Rewrap documentation comments to 100 charactersRobin Krahl2018-05-28
|
* Introduce DeviceWrapper to abstract over devicesRobin Krahl2018-05-28
| | | | | | | DeviceWrapper abstracts over the supported devices. It implements the traits that are implemented by all supported devices. The previous UnauthenticatedDevice is renamed to Pro to prepare Storage support. connect_model is moved to Pro::connect.
* Move the authenticate methods to a new Authenticate traitRobin Krahl2018-05-22
|
* Improve log level documentationRobin Krahl2018-05-22
| | | | | | Now, the documentation clearly states the purpose of each log level. Also, the documentation for set_log_level is corrected: libnitrokey always prints to stderr.
* Remove set_debug calls in the tests and update documentationRobin Krahl2018-05-22
| | | | | | | Since libnitrokey v3.3, libnitrokey no long has debugging output enabled per default. Therefore, a corresponding note can be removed from the crate documentation and the set_debug calls can be removed from the tests.
* Add an example for setting the current timeRobin Krahl2018-05-22
| | | | | The example uses the chrono crate and can therefore not be executed, but at least it shows how to set the Nitrokey device to the current time.
* Improve OtpSlotData constructor / builderRobin Krahl2018-05-22
| | | | | Firstly, use Into<String> instead of String::from(&str). Secondly, add methods to set the two arguments not set in the constructor.
* Restructure code by functionalityRobin Krahl2018-05-22
| | | | | | | | | | | | | | | In future versions, we want to support not only the Nitrokey Pro, but also the Nitrokey Storage. This requires a better code layout. This patch introduces two main changes: First, the OTP-specific methods are moved from the Device trait and the AdminAuthenticatedDevice struct to the functionality-based traits ConfigureOtp and GenerateOtp. This will hopefully make it easier to integrate the Nitrokey Storage. Secondly, the code is split into separate modules. These modules are currently all private and re-exported in the lib module, but we can consider making them public in the future.
* Correct formattingRobin Krahl2018-05-22
|
* Fix example for change_user_pin and change_admin_pinRobin Krahl2018-05-22
|
* Extend test case for drop() with authenticated devicesRobin Krahl2018-05-22
| | | | | As Drop is only implemented for UnauthenticatedDevice, it is relevant to test whether it also works if we work on authenticated devices.
* Use drop() instead of disconnect()Robin Krahl2018-05-22
| | | | | | | | Previously, the user had to explicitly call diconnect() to terminate the connection to the Nitrokey. Now NK_logout() is called automatically once the device is out of scope as UnauthenticatedDevice implements Drop. AdminAuthenticatedDevice and UserAuthenticatedDevice do not have to implement Drop, as it will be called recursively.
* Activate tests for unauthorized OTP code generationRobin Krahl2018-05-22
| | | | | | | In a previous commit, we changed get_string_result to only free the string if the operation was successful. Therefore we can re-enable the tests in hotp_pin and totp_pin that cause failing OTP code generation commands.
* Add support for change_admin_pin and change_user_pinRobin Krahl2018-05-22
|
* Add support for erase_hotp_slot and erase_totp_slotRobin Krahl2018-05-22
|
* Correct invalid slot handlingRobin Krahl2018-05-22
| | | | | | | | | | | While the Nitrokey device would generate a WrongSlot error, libnitrokey catches these errors and raises an InvalidSlotException with error code 201. This patch matches this error code to CommandError::InvalidSlot, corrects the documentation and adds test cases. To be able to test a failing OTP generation command, we have to adapt get_string_result to free the string only if successful. This is due to the segfault issue in libnitrokey v3.3 (see todo list).
* Refactor test casesRobin Krahl2018-05-21
|
* Use NK_login_enum instead of NK_loginRobin Krahl2018-05-21
| | | | | | NK_login used a string to identify the model to connect to. Since libnitrokey v3.3, we can use NK_login_enum together with an enum value as a more type-safe alternative.
* Add get_minor_firmware_version to DeviceRobin Krahl2018-05-21
| | | | Since libnitrokey v3.3, we can also access the minor firmware version.
* Update nitrokey-sys dependency to v3.3.0Robin Krahl2018-05-21
| | | | | | | Now libnitrokey v3.3 is compiled from source, fixing the problems with older libnitrokey versions (freeing strings, firmware version getter). Also, bindgen is no longer a build dependency. This makes the build process a lot faster.
* Initial commitRobin Krahl2018-05-19