| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In a previous commit, we changed the serial number representation from a
string to an integer. This made it easier to compare serial numbers,
but also introduced new problems:
- Serial numbers should be formatted consistently, for example as
"{:#010x}". It is hard to ensure this for an integer value.
- The format of the serial number may be subject to change. Users
should not rely too much on the u32 representation.
Therefore we introduce a new SerialNumber struct that represents a
serial number. Currently it only stores a u32 value. The following
traits and functions can be used to access its value:
- FromStr for string parsing
- ToString/Display for string formatting
- as_u32 to access the underlying integer value
|
|
|
|
|
|
|
|
| |
This patch consistently uses u32 integers to store and return the serial
number of a Nitrokey device. This makes it easier to convert and
compare the serial number, as it is a unique representation and as
formatting an integer cannot fail. For more details, see this RFC:
https://lists.sr.ht/~ireas/nitrokey-rs-dev/%3C20200126074816.GA1314%40ireas.org%3E
|
|
|
|
|
|
| |
To make debugging of unexpected errors easier, this patch adds an
associated String value with a description of the unexpected behavior to
the UnexpectedError variant of the Error enum.
|
|
|
|
|
|
|
|
| |
This patch adds support for libnitrokey’s
NK_fill_SD_card_with_random_data function. It is executed by the
fill_sd_card function of the Storage struct. We also add a new test
case that is set to ignore because it takes between 30 and 60 minutes to
run.
|
|
|
|
|
|
|
| |
This patch adds support for the NK_get_progress_bar_value function: It
adds the OperationStatus enum that stores the return value of this
command and adds the get_operation_status function to the Storage struct
that executes the command.
|
|
|
|
|
|
| |
This patch adds support for the NK_get_SD_usage_data function. It
returns a range of the SD card that has not been accessed during this
power cycle.
|
|
|
|
|
|
|
| |
In the last patch, we added the get_status function to the Device trait.
This patch renames the Storage::get_status function to
get_storage_status to resolve the name clash – though allowed by the
compiler, it is rather confusing for the end user.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds support for the GET_STATUS command that returns the
status information common to all Nitrokey devices. It can be accessed
using the Device::get_status function and is stored in a Status struct.
Due to a bug in the Storage firmware [0], the GET_STATUS command returns
wrong firmware versions and serial numbers. Until this is fixed in
libnitrokey [1], we have to manually execute the GET_DEVICE_STATUS
command to fix these values for the Nitrokey Storage.
Also, this leads to a name clash with the existing Storage::get_status
function, which will be renamed in an upcoming patch.
[0] https://github.com/Nitrokey/nitrokey-storage-firmware/issues/96
[1] https://github.com/Nitrokey/libnitrokey/issues/166
|
|
|
|
|
|
| |
This patch adds the connect_path function to the Manager struct that
uses NK_connect_with_path to connect to a Nitrokey device at a given USB
path.
|
|
|
|
|
|
|
| |
This patch adds support for libnitrokey’s NK_list_devices function by
introducing the top-level list_devices function. It returns a vector of
DeviceInfo structs with information about all connected Nitrokey
devices.
|
|
|
|
|
| |
To fix a compiler warning, we use the dyn keyword for trait arguments in
the otp.rs instead of using the trait directly.
|
|
|
|
|
|
|
|
| |
Due to a timing issue, some calls to the build_aes_key function may fail
after a factory reset. As a workaround for this firmware bug, we check
the user retry count before building the aes key in the factory_reset
test. For details, see the upstream issue:
https://github.com/Nitrokey/nitrokey-pro-firmware/issues/57
|
|
|
|
|
|
| |
To avoid a ConcurrentAccessError, we have to use the
Device::into_manager function instead of calling take to obtain a
Manager instance.
|
|
|
|
|
|
| |
The previous patches refactored the connection handling to use the
Manager struct. This patch changes the tests to use the new Manager
methods instead of the deprecated functions.
|
|
|
|
|
|
|
|
| |
To enable applications like nitrokey-test to go back to a manager
instance from a Device instance, we add the into_manager function to the
Device trait. To do that, we have to keep track of the Manager’s
lifetime by adding a lifetime to Device (and then to some other traits
that use Device).
|
|
|
|
|
|
|
| |
As part of the connection refactoring, this patch moves the connect
methods of the Pro and Storage structs into the Manager struct. To
maintain compatibility with nitrokey-test, the old methods are not
removed but marked as deprecated.
|
|
|
|
|
|
| |
As part of the connection refactoring, this patch moves the
connect_model function to the Manager struct. As the connect_model
function is not used by nitrokey-test, it is removed.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of the connection refactoring, we introduce the Manager struct
that deals with connection management. To make sure there can be only
once instance of the manager, we add a global static Mutex that holds
the single Manager instance. We use the struct to ensure that the user
can only connect to one device at a time.
This also changes the Error::PoisonError variant to store the
sync::PoisonError. This allows the user to call into_inner on the
PoisonError to retrieve the MutexGuard and to ignore the error (for
example useful during testing).
|
|
|
|
| |
This reverts commit 13006c00dcbd570cf8347d89557834e320427377.
|
|
|
|
| |
This reverts commit 0972bbe82623c3d9649b6023d8f50d304aa0cde6.
|
|
|
|
|
|
| |
In a previous commit, we introduced the DEFAULT_{ADMIN,USER}_PIN
constants. Therefore we no longer need in the {ADMIN,USER}_PASSWORD
constants in the util module for the tests.
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the initial nitrokey-rs implementation, the Admin and the User struct
take the Device by value to make sure that the user cannot initiate a
second authentication while this first is still active (which would
invalidate the temporary password). Now we realized that this is not
necessary – taking a mutable reference has the same effect, but leads to
a much cleaner API.
This patch refactors the Admin and User structs – and all dependent code
– to use a mutable reference instead of a Device value.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, all methods that access a Nitrokey device took a reference
to the device as input. This method changes methods that change the
device state to require a mutable reference instead. In most case,
this is straightforward as the method writes data to the device (for
example write_config or change_user_pin). But there are two edge cases:
- Authenticating with a PIN changes the device state as it may decrease
the PIN retry counter if the authentication fails.
- Generating an HOTP code changes the device state as it increases the
HOTP counter.
|
|
|
|
|
|
|
|
|
|
| |
Previously, we considered this command as unsupported as it only was
available with firmware version 0.49. But as discussed in nitrocli
issue 80 [0], it will probably be re-enabled in future firmware
versions. Therefore this patch adds the set_encrypted_volume_mode to
Storage.
[0] https://github.com/d-e-s-o/nitrocli/issues/80
|
|
|
|
|
|
|
|
| |
Sometimes we cannot use assert_ok! as we can’t compare the Ok value (or
do not want to). For these cases, this patch adds the new assert_any_ok
macro to use instead of assert!(x.is_ok()). The advantage is that the
error information is not discarded but printed in a helpful error
message.
|
|
|
|
|
|
| |
The unwrap error message is not very useful. This patch adds the
unwrap_ok macro that is basically the same as unwrap but prints a more
readable error message.
|
|
|
|
|
|
|
| |
After a factory reset or after building the AES key, the password safe
contains garbage data. This will most likely not be valid UTF-8.
Therefore we change the tests to also accept an UTF-8 error in these
cases.
|
|
|
|
|
|
|
|
| |
This patch combines the get_{major,minor}_firmware_version methods into
the new get_firmware_version method that returns a FirmwareVersion
struct. Currently, this requires casting from i32 to u8. But this will
be fixed with the next libnitrokey version as we change the return types
for the firmware getters.
|
|
|
|
|
|
|
|
| |
Previously, we sometimes returned a value without wrapping it in a
result if the API method did not indicate errors in the return value.
But we can detect errors using the NK_get_last_command_status function.
This patch changes the return types of these methods to Result<_, Error>
and adds error checks.
|
|
|
|
|
|
| |
The TOTP test with the timestamp 59 often fails as the Nitrokey’s clock
ticks between setting the time and generating the TOTP code. This patch
also allows the TOTP code for timestamp 60 for this test case.
|
|
|
|
|
|
|
| |
This patch adds license and copyright information to all files to make
nitrokey-rs compliant with the REUSE practices [0].
[0] https://reuse.software/practices/2.0/
|
| |
|
|
|
|
|
|
|
| |
Previously, we used lossy UTF-8 conversion. Yet the user should be
notified if we have a problem instead of silently changing the data.
Therefore, we now return an error if we enocunter an invalid UTF-8
string. This leads to a change in `get_library_version`’s signature.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If possible, check specific error codes instead of `is_err()`. This
makes the code more readable and catches bugs resulting in the wrong
error code. Also, using the assert_*_err and assert_ok macros yields
error messages containing the expected and the actual value.
To be able to use these macros with the `get_password_safe` method, we
also have to implement `Debug` for `PasswordSafe` and `Device`.
|
|
|
|
|
|
|
| |
The UnexpectedError variant is used when a libnitrokey function returns
a value that violates the function’s contract, for example if a function
returns a null pointer although it guarantees to never return null.
Previously, we returned a CommandError::Unspecified in these cases.
|
|
|
|
|
|
| |
Previously, library errors were part of the CommandError enum. As
command errors and library errors are two different error types, they
should be split into two enums.
|
|
|
|
|
|
|
| |
An error code can not only indiciate a command error, but also a library
or device communication error. Therefore, the variant for an unknown
error code should be placed in the top-level Error enum instead of the
CommandError enum.
|
|
|
|
|
|
|
|
|
| |
These macros allow easier comparisions using the new error type. This
patch fixes all tests and updates nitrokey-test to 0.2.0 so that it
integrates with the new error structure.
Some tests may still fail until CommunicationError::NotConnected is
actually returned.
|
|
|
|
|
|
| |
The FirmwareVersion struct stores the major and minor firmware version
of a Nitrokey device. We refactor the StorageProductionInfo and
StorageStatus structs to use this new struct.
|
|
|
|
|
| |
If libnitrokey has not been built from a clone of the Git repository,
the Git version string may be empty.
|
|
|
|
|
|
|
|
| |
There seems to be a bug in libnitrokey or the Nitrokey Storage firmware
that causes problems when chaining factory reset and build_AES_keys
without delay (upstream issue [0]).
[0] https://github.com/Nitrokey/nitrokey-storage-firmware/issues/80
|
|
|
|
|
|
| |
The device::clear_new_sd_card_warning used to perform a factory reset
without building an AES key. This led to errors in tests that assume
that an AES key is present.
|
|
|
|
|
|
|
|
|
|
|
| |
The device::factory_reset test used to first change the PINs and then
access the PWS and the OTP data. If for example the PWS access failed
due to an problem with the AES key, the PINs were not reset.
Now we perform the PWS and OTP access with the old PINs – which is okay
as we do not want to test the PIN change but the factory reset. If
these preparations fail, the tests is cancelled before the PINs are
changed.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Until the last commit, all empty strings returned by the library were
interepreted as errors. As the PWS functions return empty strings for
unprogrammed slots, the methods to access the PWS data returned an error
when querying a slot that is not programmed. Since the last commit,
they return an empty string instead.
This patch restores the old behavior by returning an error instead of an
empty string. Yet we change the error variant: SlotNotProgrammed
instead of Undefined.
|
|
|
|
|
|
| |
The clear_new_sd_card_warning method calls the libnitrokey
NK_clear_new_sd_card_warning function to reset the corresponding flag in
the Storage status.
|
|
|
|
|
|
|
|
|
|
|
| |
The get_production_info method maps to the NK_get_production_info
function of libnitrokey. The Storage firmware supports two query modes:
with or without a write test. libnitrokey only performs the query
without write test, so the fields that are only set for the write test
are ignored in our implementation. This affects:
- user and admin retry counts
- smart card ID
- SD card size
|
|
|
|
|
|
|
| |
The export_firmware method writes the firmware of the Nitrokey Storage
to the unencrypted storage. We only test that the command succeeds as
mounting the unencrypted storage and accessing the file is out of scope
for the tests.
|
|
|
|
|
|
|
|
|
|
| |
The new set_unencrypted_volume_mode method sets the access mode of the
unencrypted volume on the Nitrokey Storage. Depending on the requested
access mode, it calls either NK_set_unencrypted_read_only_admin or
NK_set_unencrypted_read_write_admin.
Note that this function requires firmware version 0.51 or later.
(Earlier firmware versions used the user PIN.)
|
|
|
|
|
|
| |
The update PIN is only used in the Storage tests, so it is moved from
the common tests/util module to the tests/device module. This fixes
compiler warnings when compiling the other test modules.
|