| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
| |
The new set_unencrypted_volume_mode method sets the access mode of the
unencrypted volume on the Nitrokey Storage. Depending on the requested
access mode, it calls either NK_set_unencrypted_read_only_admin or
NK_set_unencrypted_read_write_admin.
Note that this function requires firmware version 0.51 or later.
(Earlier firmware versions used the user PIN.)
|
|
|
|
|
|
| |
The VolumeMode enum will be used when setting the access mode for the
unencrypted volume. It can also be used when refactoring the
VolumeStatus enum in a future release.
|
| |
|
|
|
|
|
|
| |
This patch adds the wink method to the Storage struct that lets the
Nitrokey device blink until reconnected. We do not test this method as
it does not change the state that we can observe.
|
|
|
|
|
|
|
| |
This patch adds the get_library_version function to the main library
module that queries and returns the libnitrokey version. As the version
fields are static values, we fetch them all at the same time and do not
provide getters for the individual fields.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Three more error codes are defined in libnitrokey but currently reported
as the CommandError::Unknown variant:
200: representing a string that exceeds a limit
202: indicating a string that is not in hexadecimal format when it
should be
203: suggesting that the target buffer is smaller than the source
buffer and, hence, too small
This change introduces the CommandError variants StringTooLong,
InvalidHexString and TargetBufferTooSmall, respectively, representing
those errors.
|
|
|
|
|
|
| |
This patch adds the global connect_model function that can be used to
connect to a Nitrokey device of a given model. Contrary to Pro::connect
and Storage::connect, the model does not have to be set at compile time.
|
|
|
|
| |
connect_model will be used for a public function with the next patch.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch introduces the methods enable_hidden_volume,
disable_hidden_volume and create_hidden_volume for the Storage struct to
support the hidden volumes on the Nitrokey Storage. The enable and
create methods require that the encrypted storage has been enabled.
Contrary to authentication and password safe access, we do not enforce
this requirement in the API as file system operations could have
unwanted side effects and should not performed implicitly.
|
| |
|
|
|
|
|
|
| |
Contrary to my previous beliefs, build_aes_key has to be called even
after a factory reset using the Nitrokey API. This patch updates the
documentation and the unit tests based on this insight.
|
| |
|
|
|
|
|
|
|
|
| |
This patch adds the enable_firmware_update method to the Storage struct
that uses NK_enable_firmware_update to put the Nitrokey Storage into
update mode. This method is not tested as external tooling is required
to resume normal operation and as it is hard to bail out if an error
occurs.
|
|
|
|
|
|
|
|
| |
This patch adds the build_aes_key method to the Device trait that uses
the NK_build_aes_key function to build new AES keys on the device. This
effectively resets the password safe and the encrypted storage. It is
unclear whether other data (e. g. the one-time passwords) are affected
too.
|
|
|
|
|
|
|
| |
This patch adds the factory_reset_method to the Device trait that uses
the NK_factory_reset function to perform a factory reset. The tests
verify that the user and admin PIN are reset and that the OTP storage
and the password safe are deleted.
|
|
|
|
|
|
| |
This patch adds the change_update_pin method to the Storage struct that
uses the NK_change_update_password function to set the password required
for firmware updates.
|
|
|
|
|
|
| |
After a factory reset, the password safe cannot be accessed as its
secret cannot be decrypted. This patch improves the documentation for
GetPasswordSafe::get_password_safe to reflect this behavior.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The CommandError::Unknown variant, which is used whenever a reported
error code is not known, makes it close to impossible to determine the
root cause of, say, a one-off error, because all information explaining
what went wrong is discarded.
With this change we adjust the Unknown variant to include the error
report. In addition, we introduce a new CommandError variant, Undefined,
that is used when no error code is available.
|
| |
|
|
|
|
|
| |
We switched to rand::thread_rng() which cannot fail. Therefore the
CommandError::RngError is no longer needed and removed in this patch.
|
|
|
|
|
|
|
|
| |
This patch adds the force argument to the set_time method in the
ConfigureOtp trait that allows the user to choose whether jumps to the
past are allowed when updating the time. It is implemented by using the
NK_totp_set_time_soft function. Previously, jumps where unconditionally
allowed.
|
| |
|
|
|
|
|
|
| |
As these three enums are scalar values, this patch derives the Clone and
Copy traits for them. This should avoid unnecessary allocations and
reduce the memory footprint.
|
| |
|
|
|
|
|
| |
This patch adds the function Device::get_model that returns the model of
the connected Nitrokey stick.
|
|
|
|
|
|
|
|
| |
This patch updates the rand dependecy to version 0.6. It also replaces
the OsRng, which is guaranteed to use OS/hardware entropy, with the
thread_rng, which is likely to use OS/hardware entropy as a seed. The
choice of RNG and the handling of password should be reviewed at a later
point.
|
| |
|
|
|
|
|
|
| |
Newer Rust versions support integration tests in a top-level tests
directory. This patch refactors the existing unit tests into
integration tests.
|
|
|
|
|
|
|
| |
With Rust edition 2018, it is no longer necessary to declare
dependencies in the code using `extern crate`. Therefore, this patch
removes these declarations and replaces them with `use` declarations if
necessary.
|
|
|
|
|
|
| |
This patch changes use declarations for modules within this crate to use
the crate:: path qualifier. This will be mandatory in Rust edition
2018.
|
|
|
|
|
| |
This patch changes the type of trait objects from `Trait` to `dyn
Trait`. This fixes bare-trait-object compiler warnings.
|
|
|
|
|
| |
This patch makes hidden life time parameters explicit to fix
elided-lifetime-in-path compiler warnings.
|
| |
|
|
|
|
|
|
|
|
| |
This patch enables the following compiler warnings:
- missing_docs for public symbols without documentation
- rust_2018_compatibility for Rust edition 2018 support
- rust_2018_idioms for Rust edition 2018 support
- unused for different types of unused code
|
| |
|
| |
|
|
|
|
|
|
| |
This patch adds a `get_status` method to the `Storage` structure. The
returned structure `StorageStatus` is based on the structure provided by
libnitrokey.
|
|
|
|
|
|
|
| |
As connect() now returns DeviceWrappers of the correct type, this patch
adds an example to the DeviceWrapper documentation that shows how to use
type conditions, i. e. how to execute a command only for Nitrokey
Storage devices.
|
|
|
|
|
|
| |
This patch fixes the generic connect() method to return a DeviceWrapper
of the correct type. This is enabled by the NK_get_device_model()
method introduced in libnitrokey v3.4.
|
|
|
|
|
|
|
|
| |
Old libnitrokey versions could return pointers to both statically and
dynamically allocated strings for functions that return strings. This
has been fixed in libnitrokey commit 7a8550d (included in v3.4). This
patch removes the old workaround and always frees the return value of
functions returning a string pointer.
|
|
|
|
|
| |
Most notably, for command errors, this will print a human-readable error
message instead of just the name of the enum.
|
|
|
|
|
|
| |
The std::fmt::Display implementation provides a human-readable error
message for a CommandError. It is intended to be used in error
messages displayed to the user.
|
|
|
|
|
|
| |
The new get_cstring method in util returns a Result<CString,
CommandError>, so mast callers can just use the ? operator to unwrap the
result instead of cumbersome unwrapping code.
|
|
|
|
|
|
| |
The Result enum is more idiomatic and easier to use than our custom
CommandStatus enum with the same structure. This is especially true for
the try operator ?.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When enabled, the password safe can be used without authentication. The
lock device can be used to lock the password safe. Currently,
PasswordSafe::drop calls this command to make sure that other
applications cannot access the password safe without authentication.
On the Nitrokey Storage, locking the device may also disable the
encrypted or hidden volume. As using the password safe should not have
side effects on the storage volumes, this patch removes the call to the
lock device command from the Drop implementation. Instead, the user
should call this method after making sure that it does not have side
effects.
A feature request for a command that only locks the password safe
without side effects is submitted to the Nitrokey Storage firmware
repository:
https://github.com/Nitrokey/nitrokey-storage-firmware/issues/65
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds support for the commands to enable or disable the
encrypted volume on the Nitrokey Storage. To test these commands, the
output of lsblk is parsed for the device model “Nitrokey Storage”. This
is not perfect but seems to be the best solution for automated testing.
As the effect of enabling and disabling volumes is not immediate, a
delay of two seconds is added to the tests before checking lsblk. This
is sufficient on my machine, yet it would be better to have a portable
version of this check.
This patch also adds a lock method to Device that executes the
lock_device command. This command was previously only used to close the
password safe. On the Nitrokey Storage, it also disables the encrypted
and hidden volume.
|
|
|
|
|
|
|
|
| |
The current Nitrokey Storage firmware does not support timestamps that
do not fit into an unsigned integer. Therefore, the tests totp_pin and
totp_no_pin are restricted to 32-bit timestamps. New tests totp_pin_64
and totp_no_pin_64 are introduced for 64-bit timestamps. These are
expected to panic for the Nitrokey Storage.
|