| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
| |
To enable applications like nitrokey-test to go back to a manager
instance from a Device instance, we add the into_manager function to the
Device trait. To do that, we have to keep track of the Manager’s
lifetime by adding a lifetime to Device (and then to some other traits
that use Device).
|
|
|
|
|
|
|
| |
As part of the connection refactoring, this patch moves the connect
methods of the Pro and Storage structs into the Manager struct. To
maintain compatibility with nitrokey-test, the old methods are not
removed but marked as deprecated.
|
|
|
|
|
|
| |
As part of the connection refactoring, this patch moves the
connect_model function to the Manager struct. As the connect_model
function is not used by nitrokey-test, it is removed.
|
|
|
|
| |
This reverts commit 13006c00dcbd570cf8347d89557834e320427377.
|
|
|
|
| |
This reverts commit 0972bbe82623c3d9649b6023d8f50d304aa0cde6.
|
|
|
|
|
|
| |
In a previous commit, we introduced the DEFAULT_{ADMIN,USER}_PIN
constants. Therefore we no longer need in the {ADMIN,USER}_PASSWORD
constants in the util module for the tests.
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the initial nitrokey-rs implementation, the Admin and the User struct
take the Device by value to make sure that the user cannot initiate a
second authentication while this first is still active (which would
invalidate the temporary password). Now we realized that this is not
necessary – taking a mutable reference has the same effect, but leads to
a much cleaner API.
This patch refactors the Admin and User structs – and all dependent code
– to use a mutable reference instead of a Device value.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, all methods that access a Nitrokey device took a reference
to the device as input. This method changes methods that change the
device state to require a mutable reference instead. In most case,
this is straightforward as the method writes data to the device (for
example write_config or change_user_pin). But there are two edge cases:
- Authenticating with a PIN changes the device state as it may decrease
the PIN retry counter if the authentication fails.
- Generating an HOTP code changes the device state as it increases the
HOTP counter.
|
|
|
|
|
|
|
|
|
|
| |
Previously, we considered this command as unsupported as it only was
available with firmware version 0.49. But as discussed in nitrocli
issue 80 [0], it will probably be re-enabled in future firmware
versions. Therefore this patch adds the set_encrypted_volume_mode to
Storage.
[0] https://github.com/d-e-s-o/nitrocli/issues/80
|
|
|
|
|
|
|
|
| |
Sometimes we cannot use assert_ok! as we can’t compare the Ok value (or
do not want to). For these cases, this patch adds the new assert_any_ok
macro to use instead of assert!(x.is_ok()). The advantage is that the
error information is not discarded but printed in a helpful error
message.
|
|
|
|
|
|
| |
The unwrap error message is not very useful. This patch adds the
unwrap_ok macro that is basically the same as unwrap but prints a more
readable error message.
|
|
|
|
|
|
|
| |
After a factory reset or after building the AES key, the password safe
contains garbage data. This will most likely not be valid UTF-8.
Therefore we change the tests to also accept an UTF-8 error in these
cases.
|
|
|
|
|
|
|
|
| |
This patch combines the get_{major,minor}_firmware_version methods into
the new get_firmware_version method that returns a FirmwareVersion
struct. Currently, this requires casting from i32 to u8. But this will
be fixed with the next libnitrokey version as we change the return types
for the firmware getters.
|
|
|
|
|
|
|
|
| |
Previously, we sometimes returned a value without wrapping it in a
result if the API method did not indicate errors in the return value.
But we can detect errors using the NK_get_last_command_status function.
This patch changes the return types of these methods to Result<_, Error>
and adds error checks.
|
|
|
|
|
|
|
| |
This patch adds license and copyright information to all files to make
nitrokey-rs compliant with the REUSE practices [0].
[0] https://reuse.software/practices/2.0/
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If possible, check specific error codes instead of `is_err()`. This
makes the code more readable and catches bugs resulting in the wrong
error code. Also, using the assert_*_err and assert_ok macros yields
error messages containing the expected and the actual value.
To be able to use these macros with the `get_password_safe` method, we
also have to implement `Debug` for `PasswordSafe` and `Device`.
|
|
|
|
|
|
| |
Previously, library errors were part of the CommandError enum. As
command errors and library errors are two different error types, they
should be split into two enums.
|
|
|
|
|
|
|
|
|
| |
These macros allow easier comparisions using the new error type. This
patch fixes all tests and updates nitrokey-test to 0.2.0 so that it
integrates with the new error structure.
Some tests may still fail until CommunicationError::NotConnected is
actually returned.
|
|
|
|
|
|
| |
The FirmwareVersion struct stores the major and minor firmware version
of a Nitrokey device. We refactor the StorageProductionInfo and
StorageStatus structs to use this new struct.
|
|
|
|
|
|
|
|
| |
There seems to be a bug in libnitrokey or the Nitrokey Storage firmware
that causes problems when chaining factory reset and build_AES_keys
without delay (upstream issue [0]).
[0] https://github.com/Nitrokey/nitrokey-storage-firmware/issues/80
|
|
|
|
|
|
| |
The device::clear_new_sd_card_warning used to perform a factory reset
without building an AES key. This led to errors in tests that assume
that an AES key is present.
|
|
|
|
|
|
|
|
|
|
|
| |
The device::factory_reset test used to first change the PINs and then
access the PWS and the OTP data. If for example the PWS access failed
due to an problem with the AES key, the PINs were not reset.
Now we perform the PWS and OTP access with the old PINs – which is okay
as we do not want to test the PIN change but the factory reset. If
these preparations fail, the tests is cancelled before the PINs are
changed.
|
|
|
|
|
|
| |
The clear_new_sd_card_warning method calls the libnitrokey
NK_clear_new_sd_card_warning function to reset the corresponding flag in
the Storage status.
|
|
|
|
|
|
|
|
|
|
|
| |
The get_production_info method maps to the NK_get_production_info
function of libnitrokey. The Storage firmware supports two query modes:
with or without a write test. libnitrokey only performs the query
without write test, so the fields that are only set for the write test
are ignored in our implementation. This affects:
- user and admin retry counts
- smart card ID
- SD card size
|
|
|
|
|
|
|
| |
The export_firmware method writes the firmware of the Nitrokey Storage
to the unencrypted storage. We only test that the command succeeds as
mounting the unencrypted storage and accessing the file is out of scope
for the tests.
|
|
|
|
|
|
|
|
|
|
| |
The new set_unencrypted_volume_mode method sets the access mode of the
unencrypted volume on the Nitrokey Storage. Depending on the requested
access mode, it calls either NK_set_unencrypted_read_only_admin or
NK_set_unencrypted_read_write_admin.
Note that this function requires firmware version 0.51 or later.
(Earlier firmware versions used the user PIN.)
|
|
|
|
|
|
| |
The update PIN is only used in the Storage tests, so it is moved from
the common tests/util module to the tests/device module. This fixes
compiler warnings when compiling the other test modules.
|
|
|
|
|
|
|
|
|
| |
The connect_* device tests fail when run in a setup with a Pro and
Storage stick present. The problem is that these tests assume only one
stick to be present, and that the corresponding connect function for the
other stick reports an error.
However, in a two stick setup there is no such guarantee. This patch
removes tests for those assumptions.
|
|
|
|
|
|
| |
This patch adds the global connect_model function that can be used to
connect to a Nitrokey device of a given model. Contrary to Pro::connect
and Storage::connect, the model does not have to be set at compile time.
|
|
|
|
|
|
|
|
|
|
| |
This patch introduces the methods enable_hidden_volume,
disable_hidden_volume and create_hidden_volume for the Storage struct to
support the hidden volumes on the Nitrokey Storage. The enable and
create methods require that the encrypted storage has been enabled.
Contrary to authentication and password safe access, we do not enforce
this requirement in the API as file system operations could have
unwanted side effects and should not performed implicitly.
|
|
|
|
|
|
|
|
|
|
| |
We experienced various problems running the tests and while they may or
may not be caused by local setup issues, it is helpful to have more
information than just an indication that an assertion (true/false) was
violated.
To that end, this change adjusts some of the assert!(<func>().is_ok())
to compare against Ok(()) instead. This way, if the result is not the Ok
variant, the error code will get printed.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change is the first in a series to migrate the existing tests to
using the nitrokey-test crate. The crate provides a couple of benefits
over the existing way testing works:
- test execution is automatically serialized (i.e., no more need for
--test-threads)
- available devices are detected at runtime (i.e., no more need for
--features test-pro)
- tests capable of running only on a specific device are automatically
skipped if this device is not present
In addition to that, the crate also offers selection of particular
groups of tests by virtue of the NITROKEY_TEST_GROUP environment
variable. If set (valid values are "nodev", "pro", and "storage") only
tests of the particular group are run (those tests will fail if a
required precondition is not met, i.e., if a device is present but
"nodev" is set, or if the "pro" group is run but no device or a storage
device is present).
Unfortunately, it has some limitations as well. Most importantly Rust
does not allow us to indicate whether a test has been skipped or not.
While it has #[ignore] support, that strictly is a compile-time feature
and, hence, not usable.
This patch in particular pulls in the nitrokey-test crate and adjusts
the existing device tests to make use of it.
|
|
|
|
|
|
| |
Contrary to my previous beliefs, build_aes_key has to be called even
after a factory reset using the Nitrokey API. This patch updates the
documentation and the unit tests based on this insight.
|
|
|
|
|
|
|
|
| |
This patch adds the build_aes_key method to the Device trait that uses
the NK_build_aes_key function to build new AES keys on the device. This
effectively resets the password safe and the encrypted storage. It is
unclear whether other data (e. g. the one-time passwords) are affected
too.
|
|
|
|
|
|
|
| |
This patch adds the factory_reset_method to the Device trait that uses
the NK_factory_reset function to perform a factory reset. The tests
verify that the user and admin PIN are reset and that the OTP storage
and the password safe are deleted.
|
|
|
|
|
|
| |
This patch adds the change_update_pin method to the Storage struct that
uses the NK_change_update_password function to set the password required
for firmware updates.
|
|
|
|
|
|
| |
This patch adds a test case that changes the PIN when calling
unlock_user_pin. The previous test case only unlocked the current user
PIN.
|
|
|
|
|
|
| |
It seems that with newer firmeware, the model string in the lsblk output
is Nitrokey_Storage instead of Nitrokey Storage. Therefore this patch
replaces underscores with spaces to account for both versions.
|
|
|
|
|
| |
This patch adds the function Device::get_model that returns the model of
the connected Nitrokey stick.
|
|
|
|
|
|
|
| |
Currently, the test-no-device feature is used for tests that expect no
Nitrokey to be connected. Yet test-no-device is equivalent to not
test-pro and not test-storage. Therefore, this patch removes the
test-no-device feature.
|
|
Newer Rust versions support integration tests in a top-level tests
directory. This patch refactors the existing unit tests into
integration tests.
|