From a02623db10c13d03ae889fd37078e467fe62406f Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Thu, 3 Jan 2019 22:24:51 +0000 Subject: Add Storage::enable_firmware_update method This patch adds the enable_firmware_update method to the Storage struct that uses NK_enable_firmware_update to put the Nitrokey Storage into update mode. This method is not tested as external tooling is required to resume normal operation and as it is hard to bail out if an error occurs. --- CHANGELOG.md | 2 ++ TODO.md | 1 - src/device.rs | 38 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 40 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2551350..d806ff4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ PIN. - Add the `Device::factory_reset` method that performs a factory reset. - Add the `Device::build_aes_key` method that builds a new AES key on the Nitrokey. +- Add the `Storage::enable_firmware_update` method that puts the Nitrokey + Storage in update mode so that the firmware can be updated. # v0.2.3 (2018-12-31) diff --git a/TODO.md b/TODO.md index 9555747..111105d 100644 --- a/TODO.md +++ b/TODO.md @@ -11,7 +11,6 @@ - `NK_set_unencrypted_read_write_admin` - `NK_set_encrypted_read_only` - `NK_set_encrypted_read_write` - - `NK_enable_firmware_update` - `NK_export_firmware` - `NK_clear_new_sd_card_warning` - `NK_fill_SD_card_with_random_data` diff --git a/src/device.rs b/src/device.rs index bc48cd2..df76e12 100644 --- a/src/device.rs +++ b/src/device.rs @@ -767,6 +767,44 @@ impl Storage { } } + /// Enables the firmware update mode. + /// + /// During firmware update mode, the Nitrokey can no longer be accessed using HID commands. + /// To resume normal operation, run `dfu-programmer at32uc3a3256s launch`. In order to enter + /// the firmware update mode, you need the update password that can be changed using the + /// [`change_update_pin`][] method. + /// + /// # Errors + /// + /// - [`InvalidString`][] if one of the provided passwords contains a null byte + /// - [`WrongPassword`][] if the current update password is wrong + /// + /// # Example + /// + /// ```no_run + /// # use nitrokey::CommandError; + /// + /// # fn try_main() -> Result<(), CommandError> { + /// let device = nitrokey::Storage::connect()?; + /// match device.enable_firmware_update("12345678") { + /// Ok(()) => println!("Nitrokey entered update mode."), + /// Err(err) => println!("Could not enter update mode: {}", err), + /// }; + /// # Ok(()) + /// # } + /// ``` + /// + /// [`InvalidString`]: enum.CommandError.html#variant.InvalidString + /// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword + pub fn enable_firmware_update(&self, update_pin: &str) -> Result<(), CommandError> { + let update_pin_string = get_cstring(update_pin)?; + unsafe { + get_command_result(nitrokey_sys::NK_enable_firmware_update( + update_pin_string.as_ptr(), + )) + } + } + /// Enables the encrypted storage volume. /// /// Once the encrypted volume is enabled, it is presented to the operating system as a block -- cgit v1.2.3