From f95e2be7422243bbbb07ae07f6b026bd6d578099 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Thu, 7 Jun 2018 00:41:20 +0200 Subject: Remove NK_lock_device call from PasswordSafe::drop When enabled, the password safe can be used without authentication. The lock device can be used to lock the password safe. Currently, PasswordSafe::drop calls this command to make sure that other applications cannot access the password safe without authentication. On the Nitrokey Storage, locking the device may also disable the encrypted or hidden volume. As using the password safe should not have side effects on the storage volumes, this patch removes the call to the lock device command from the Drop implementation. Instead, the user should call this method after making sure that it does not have side effects. A feature request for a command that only locks the password safe without side effects is submitted to the Nitrokey Storage firmware repository: https://github.com/Nitrokey/nitrokey-storage-firmware/issues/65 --- src/tests/pws.rs | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/tests') diff --git a/src/tests/pws.rs b/src/tests/pws.rs index d6125a9..02e33cd 100644 --- a/src/tests/pws.rs +++ b/src/tests/pws.rs @@ -1,3 +1,4 @@ +use device::Device; use nitrokey_sys; use pws::{GetPasswordSafe, PasswordSafe, SLOT_COUNT}; use tests::util::{Target, ADMIN_PASSWORD, USER_PASSWORD}; @@ -36,6 +37,9 @@ fn drop() { assert_eq!(Ok(String::from("name")), result); } let result = result_from_string(unsafe { nitrokey_sys::NK_get_password_safe_slot_name(1) }); + assert_eq!(Ok(String::from("name")), result); + device.lock(); + let result = result_from_string(unsafe { nitrokey_sys::NK_get_password_safe_slot_name(1) }); assert_eq!(Err(CommandError::NotAuthorized), result); } -- cgit v1.2.3