diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/ffi.rs | 603 | ||||
| -rw-r--r-- | src/lib.rs | 4 |
2 files changed, 606 insertions, 1 deletions
diff --git a/src/ffi.rs b/src/ffi.rs new file mode 100644 index 0000000..fc70e97 --- /dev/null +++ b/src/ffi.rs @@ -0,0 +1,603 @@ +/* automatically generated by rust-bindgen, manually modified */ + +/// Nitrokey Pro. +pub const NK_device_model_NK_PRO: NK_device_model = 0; +/// Nitrokey Storage. +pub const NK_device_model_NK_STORAGE: NK_device_model = 1; +/// The Nitrokey device models supported by the API. +pub type NK_device_model = u32; +extern "C" { + /// Set debug level of messages written on stderr + /// @param state state=True - most messages, state=False - only errors level + pub fn NK_set_debug(state: bool); +} +extern "C" { + /// Set debug level of messages written on stderr + /// @param level (int) 0-lowest verbosity, 5-highest verbosity + pub fn NK_set_debug_level(level: ::std::os::raw::c_int); +} +extern "C" { + /// Connect to device of given model. Currently library can be connected only to one device at once. + /// @param device_model char 'S': Nitrokey Storage, 'P': Nitrokey Pro + /// @return 1 if connected, 0 if wrong model or cannot connect + pub fn NK_login(device_model: *const ::std::os::raw::c_char) -> ::std::os::raw::c_int; +} +extern "C" { + /// Connect to device of given model. Currently library can be connected only to one device at once. + /// @param device_model NK_device_model: NK_PRO: Nitrokey Pro, NK_STORAGE: Nitrokey Storage + /// @return 1 if connected, 0 if wrong model or cannot connect + pub fn NK_login_enum(device_model: NK_device_model) -> ::std::os::raw::c_int; +} +extern "C" { + /// Connect to first available device, starting checking from Pro 1st to Storage 2nd. + /// @return 1 if connected, 0 if wrong model or cannot connect + pub fn NK_login_auto() -> ::std::os::raw::c_int; +} +extern "C" { + /// Disconnect from the device. + /// @return command processing error code + pub fn NK_logout() -> ::std::os::raw::c_int; +} +extern "C" { + /// Return the debug status string. Debug purposes. + /// @return command processing error code + pub fn NK_status() -> *const ::std::os::raw::c_char; +} +extern "C" { + /// Return the device's serial number string in hex. + /// @return string device's serial number in hex + pub fn NK_device_serial_number() -> *const ::std::os::raw::c_char; +} +extern "C" { + /// Get last command processing status. Useful for commands which returns the results of their own and could not return + /// an error code. + /// @return previous command processing error code + pub fn NK_get_last_command_status() -> u8; +} +extern "C" { + /// Lock device - cancel any user device unlocking. + /// @return command processing error code + pub fn NK_lock_device() -> ::std::os::raw::c_int; +} +extern "C" { + /// Authenticates the user on USER privilages with user_password and sets user's temporary password on device to user_temporary_password. + /// @param user_password char[25](Pro) current user password + /// @param user_temporary_password char[25](Pro) user temporary password to be set on device for further communication (authentication command) + /// @return command processing error code + pub fn NK_user_authenticate( + user_password: *const ::std::os::raw::c_char, + user_temporary_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Authenticates the user on ADMIN privilages with admin_password and sets user's temporary password on device to admin_temporary_password. + /// @param admin_password char[25](Pro) current administrator PIN + /// @param admin_temporary_password char[25](Pro) admin temporary password to be set on device for further communication (authentication command) + /// @return command processing error code + pub fn NK_first_authenticate( + admin_password: *const ::std::os::raw::c_char, + admin_temporary_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Execute a factory reset. + /// @param admin_password char[20](Pro) current administrator PIN + /// @return command processing error code + pub fn NK_factory_reset(admin_password: *const ::std::os::raw::c_char) + -> ::std::os::raw::c_int; +} +extern "C" { + /// Generates AES key on the device + /// @param admin_password char[20](Pro) current administrator PIN + /// @return command processing error code + pub fn NK_build_aes_key(admin_password: *const ::std::os::raw::c_char) + -> ::std::os::raw::c_int; +} +extern "C" { + /// Unlock user PIN locked after 3 incorrect codes tries. + /// @param admin_password char[20](Pro) current administrator PIN + /// @return command processing error code + pub fn NK_unlock_user_password( + admin_password: *const ::std::os::raw::c_char, + new_user_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Write general config to the device + /// @param numlock set value in range [0-1] to send HOTP code from slot 'numlock' after double pressing numlock + /// or outside the range to disable this function + /// @param capslock similar to numlock but with capslock + /// @param scrolllock similar to numlock but with scrolllock + /// @param enable_user_password set True to enable OTP PIN protection (require PIN each OTP code request) + /// @param delete_user_password (unused) + /// @param admin_temporary_password current admin temporary password + /// @return command processing error code + pub fn NK_write_config( + numlock: u8, + capslock: u8, + scrolllock: u8, + enable_user_password: bool, + delete_user_password: bool, + admin_temporary_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Get currently set config - status of function Numlock/Capslock/Scrollock OTP sending and is enabled PIN protected OTP + /// @see NK_write_config + /// @return uint8_t general_config[5]: + /// uint8_t numlock; + /// uint8_t capslock; + /// uint8_t scrolllock; + /// uint8_t enable_user_password; + /// uint8_t delete_user_password; + pub fn NK_read_config() -> *mut u8; +} +extern "C" { + /// Get name of given TOTP slot + /// @param slot_number TOTP slot number, slot_number<15 + /// @return char[20](Pro) the name of the slot + pub fn NK_get_totp_slot_name(slot_number: u8) -> *const ::std::os::raw::c_char; +} +extern "C" { + /// @param slot_number HOTP slot number, slot_number<3 + /// @return char[20](Pro) the name of the slot + pub fn NK_get_hotp_slot_name(slot_number: u8) -> *const ::std::os::raw::c_char; +} +extern "C" { + /// Erase HOTP slot data from the device + /// @param slot_number HOTP slot number, slot_number<3 + /// @param temporary_password admin temporary password + /// @return command processing error code + pub fn NK_erase_hotp_slot( + slot_number: u8, + temporary_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Erase TOTP slot data from the device + /// @param slot_number TOTP slot number, slot_number<15 + /// @param temporary_password admin temporary password + /// @return command processing error code + pub fn NK_erase_totp_slot( + slot_number: u8, + temporary_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Write HOTP slot data to the device + /// @param slot_number HOTP slot number, slot_number<3 + /// @param slot_name char[15](Pro) desired slot name + /// @param secret char[20](Pro) 160-bit secret + /// @param hotp_counter uint32_t starting value of HOTP counter + /// @param use_8_digits should returned codes be 6 (false) or 8 digits (true) + /// @param use_enter press ENTER key after sending OTP code using double-pressed scroll/num/capslock + /// @param use_tokenID @see token_ID + /// @param token_ID @see https://openauthentication.org/token-specs/, 'Class A' section + /// @param temporary_password char[25](Pro) admin temporary password + /// @return command processing error code + pub fn NK_write_hotp_slot( + slot_number: u8, + slot_name: *const ::std::os::raw::c_char, + secret: *const ::std::os::raw::c_char, + hotp_counter: u64, + use_8_digits: bool, + use_enter: bool, + use_tokenID: bool, + token_ID: *const ::std::os::raw::c_char, + temporary_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Write TOTP slot data to the device + /// @param slot_number TOTP slot number, slot_number<15 + /// @param slot_name char[15](Pro) desired slot name + /// @param secret char[20](Pro) 160-bit secret + /// @param time_window uint16_t time window for this TOTP + /// @param use_8_digits should returned codes be 6 (false) or 8 digits (true) + /// @param use_enter press ENTER key after sending OTP code using double-pressed scroll/num/capslock + /// @param use_tokenID @see token_ID + /// @param token_ID @see https://openauthentication.org/token-specs/, 'Class A' section + /// @param temporary_password char[20](Pro) admin temporary password + /// @return command processing error code + pub fn NK_write_totp_slot( + slot_number: u8, + slot_name: *const ::std::os::raw::c_char, + secret: *const ::std::os::raw::c_char, + time_window: u16, + use_8_digits: bool, + use_enter: bool, + use_tokenID: bool, + token_ID: *const ::std::os::raw::c_char, + temporary_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Get HOTP code from the device + /// @param slot_number HOTP slot number, slot_number<3 + /// @return HOTP code + pub fn NK_get_hotp_code(slot_number: u8) -> *const ::std::os::raw::c_char; +} +extern "C" { + /// Get HOTP code from the device (PIN protected) + /// @param slot_number HOTP slot number, slot_number<3 + /// @param user_temporary_password char[25](Pro) user temporary password if PIN protected OTP codes are enabled, + /// otherwise should be set to empty string - '' + /// @return HOTP code + pub fn NK_get_hotp_code_PIN( + slot_number: u8, + user_temporary_password: *const ::std::os::raw::c_char, + ) -> *const ::std::os::raw::c_char; +} +extern "C" { + /// Get TOTP code from the device + /// @param slot_number TOTP slot number, slot_number<15 + /// @param challenge TOTP challenge + /// @param last_totp_time last time + /// @param last_interval last interval + /// @return TOTP code + pub fn NK_get_totp_code( + slot_number: u8, + challenge: u64, + last_totp_time: u64, + last_interval: u8, + ) -> *const ::std::os::raw::c_char; +} +extern "C" { + /// Get TOTP code from the device (PIN protected) + /// @param slot_number TOTP slot number, slot_number<15 + /// @param challenge TOTP challenge + /// @param last_totp_time last time + /// @param last_interval last interval + /// @param user_temporary_password char[25](Pro) user temporary password if PIN protected OTP codes are enabled, + /// otherwise should be set to empty string - '' + /// @return TOTP code + pub fn NK_get_totp_code_PIN( + slot_number: u8, + challenge: u64, + last_totp_time: u64, + last_interval: u8, + user_temporary_password: *const ::std::os::raw::c_char, + ) -> *const ::std::os::raw::c_char; +} +extern "C" { + /// Set time on the device (for TOTP requests) + /// @param time seconds in unix epoch (from 01.01.1970) + /// @return command processing error code + pub fn NK_totp_set_time(time: u64) -> ::std::os::raw::c_int; +} +extern "C" { + pub fn NK_totp_get_time() -> ::std::os::raw::c_int; +} +extern "C" { + /// Change administrator PIN + /// @param current_PIN char[25](Pro) current PIN + /// @param new_PIN char[25](Pro) new PIN + /// @return command processing error code + pub fn NK_change_admin_PIN( + current_PIN: *const ::std::os::raw::c_char, + new_PIN: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Change user PIN + /// @param current_PIN char[25](Pro) current PIN + /// @param new_PIN char[25](Pro) new PIN + /// @return command processing error code + pub fn NK_change_user_PIN( + current_PIN: *const ::std::os::raw::c_char, + new_PIN: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Get retry count of user PIN + /// @return user PIN retry count + pub fn NK_get_user_retry_count() -> u8; +} +extern "C" { + /// Get retry count of admin PIN + /// @return admin PIN retry count + pub fn NK_get_admin_retry_count() -> u8; +} +extern "C" { + /// Enable password safe access + /// @param user_pin char[30](Pro) current user PIN + /// @return command processing error code + pub fn NK_enable_password_safe( + user_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Get password safe slots' status + /// @return uint8_t[16] slot statuses - each byte represents one slot with 0 (not programmed) and 1 (programmed) + pub fn NK_get_password_safe_slot_status() -> *mut u8; +} +extern "C" { + /// Get password safe slot name + /// @param slot_number password safe slot number, slot_number<16 + /// @return slot name + pub fn NK_get_password_safe_slot_name(slot_number: u8) -> *const ::std::os::raw::c_char; +} +extern "C" { + /// Get password safe slot login + /// @param slot_number password safe slot number, slot_number<16 + /// @return login from the PWS slot + pub fn NK_get_password_safe_slot_login(slot_number: u8) -> *const ::std::os::raw::c_char; +} +extern "C" { + /// Get the password safe slot password + /// @param slot_number password safe slot number, slot_number<16 + /// @return password from the PWS slot + pub fn NK_get_password_safe_slot_password(slot_number: u8) -> *const ::std::os::raw::c_char; +} +extern "C" { + /// Write password safe data to the slot + /// @param slot_number password safe slot number, slot_number<16 + /// @param slot_name char[11](Pro) name of the slot + /// @param slot_login char[32](Pro) login string + /// @param slot_password char[20](Pro) password string + /// @return command processing error code + pub fn NK_write_password_safe_slot( + slot_number: u8, + slot_name: *const ::std::os::raw::c_char, + slot_login: *const ::std::os::raw::c_char, + slot_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Erase the password safe slot from the device + /// @param slot_number password safe slot number, slot_number<16 + /// @return command processing error code + pub fn NK_erase_password_safe_slot(slot_number: u8) -> ::std::os::raw::c_int; +} +extern "C" { + /// Check whether AES is supported by the device + /// @return 0 for no and 1 for yes + pub fn NK_is_AES_supported( + user_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Get device's major firmware version + /// @return major part of the version number (e.g. 0 from 0.48, 0 from 0.7 etc.) + pub fn NK_get_major_firmware_version() -> ::std::os::raw::c_int; +} +extern "C" { + /// Get device's minor firmware version + /// @return minor part of the version number (e.g. 7 from 0.7, 48 from 0.48 etc.) + pub fn NK_get_minor_firmware_version() -> ::std::os::raw::c_int; +} +extern "C" { + /// Function to determine unencrypted volume PIN type + /// @param minor_firmware_version + /// @return Returns 1, if set unencrypted volume ro/rw pin type is User, 0 otherwise. + pub fn NK_set_unencrypted_volume_rorw_pin_type_user() -> ::std::os::raw::c_int; +} +extern "C" { + /// This command is typically run to initiate + /// communication with the device (altough not required). + /// It sets time on device and returns its current status + /// - a combination of set_time and get_status_storage commands + /// Storage only + /// @param seconds_from_epoch date and time expressed in seconds + pub fn NK_send_startup(seconds_from_epoch: u64) -> ::std::os::raw::c_int; +} +extern "C" { + /// Unlock encrypted volume. + /// Storage only + /// @param user_pin user pin 20 characters + /// @return command processing error code + pub fn NK_unlock_encrypted_volume( + user_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Locks encrypted volume + /// @return command processing error code + pub fn NK_lock_encrypted_volume() -> ::std::os::raw::c_int; +} +extern "C" { + /// Unlock hidden volume and lock encrypted volume. + /// Requires encrypted volume to be unlocked. + /// Storage only + /// @param hidden_volume_password 20 characters + /// @return command processing error code + pub fn NK_unlock_hidden_volume( + hidden_volume_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Locks hidden volume + /// @return command processing error code + pub fn NK_lock_hidden_volume() -> ::std::os::raw::c_int; +} +extern "C" { + /// Create hidden volume. + /// Requires encrypted volume to be unlocked. + /// Storage only + /// @param slot_nr slot number in range 0-3 + /// @param start_percent volume begin expressed in percent of total available storage, int in range 0-99 + /// @param end_percent volume end expressed in percent of total available storage, int in range 1-100 + /// @param hidden_volume_password 20 characters + /// @return command processing error code + pub fn NK_create_hidden_volume( + slot_nr: u8, + start_percent: u8, + end_percent: u8, + hidden_volume_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Make unencrypted volume read-only. + /// Device hides unencrypted volume for a second therefore make sure + /// buffers are flushed before running. + /// Does nothing if firmware version is not matched + /// Firmware range: Storage v0.50, v0.48 and below + /// Storage only + /// @param user_pin 20 characters User PIN + /// @return command processing error code + pub fn NK_set_unencrypted_read_only( + user_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Make unencrypted volume read-write. + /// Device hides unencrypted volume for a second therefore make sure + /// buffers are flushed before running. + /// Does nothing if firmware version is not matched + /// Firmware range: Storage v0.50, v0.48 and below + /// Storage only + /// @param user_pin 20 characters User PIN + /// @return command processing error code + pub fn NK_set_unencrypted_read_write( + user_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Make unencrypted volume read-only. + /// Device hides unencrypted volume for a second therefore make sure + /// buffers are flushed before running. + /// Does nothing if firmware version is not matched + /// Firmware range: Storage v0.49, v0.51+ + /// Storage only + /// @param admin_pin 20 characters Admin PIN + /// @return command processing error code + pub fn NK_set_unencrypted_read_only_admin( + admin_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Make unencrypted volume read-write. + /// Device hides unencrypted volume for a second therefore make sure + /// buffers are flushed before running. + /// Does nothing if firmware version is not matched + /// Firmware range: Storage v0.49, v0.51+ + /// Storage only + /// @param admin_pin 20 characters Admin PIN + /// @return command processing error code + pub fn NK_set_unencrypted_read_write_admin( + admin_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Make encrypted volume read-only. + /// Device hides encrypted volume for a second therefore make sure + /// buffers are flushed before running. + /// Firmware range: v0.49 only, future (see firmware release notes) + /// Storage only + /// @param admin_pin 20 characters + /// @return command processing error code + pub fn NK_set_encrypted_read_only( + admin_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Make encrypted volume read-write. + /// Device hides encrypted volume for a second therefore make sure + /// buffers are flushed before running. + /// Firmware range: v0.49 only, future (see firmware release notes) + /// Storage only + /// @param admin_pin 20 characters + /// @return command processing error code + pub fn NK_set_encrypted_read_write( + admin_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Exports device's firmware to unencrypted volume. + /// Storage only + /// @param admin_pin 20 characters + /// @return command processing error code + pub fn NK_export_firmware(admin_pin: *const ::std::os::raw::c_char) -> ::std::os::raw::c_int; +} +extern "C" { + /// Clear new SD card notification. It is set after factory reset. + /// Storage only + /// @param admin_pin 20 characters + /// @return command processing error code + pub fn NK_clear_new_sd_card_warning( + admin_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Fill SD card with random data. + /// Should be done on first stick initialization after creating keys. + /// Storage only + /// @param admin_pin 20 characters + /// @return command processing error code + pub fn NK_fill_SD_card_with_random_data( + admin_pin: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Change update password. + /// Update password is used for entering update mode, where firmware + /// could be uploaded using dfu-programmer or other means. + /// Storage only + /// @param current_update_password 20 characters + /// @param new_update_password 20 characters + /// @return command processing error code + pub fn NK_change_update_password( + current_update_password: *const ::std::os::raw::c_char, + new_update_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Enter update mode. Needs update password. + /// When device is in update mode it no longer accepts any HID commands until + /// firmware is launched (regardless of being updated or not). + /// Smartcard (through CCID interface) and its all volumes are not visible as well. + /// Its VID and PID are changed to factory-default (03eb:2ff1 Atmel Corp.) + /// to be detected by flashing software. Result of this command can be reversed + /// by using 'launch' command. + /// For dfu-programmer it would be: 'dfu-programmer at32uc3a3256s launch'. + /// Storage only + /// @param update_password 20 characters + /// @return command processing error code + pub fn NK_enable_firmware_update( + update_password: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; +} +extern "C" { + /// Get Storage stick status as string. + /// Storage only + /// @return string with devices attributes + pub fn NK_get_status_storage_as_string() -> *const ::std::os::raw::c_char; +} +extern "C" { + /// Get SD card usage attributes as string. + /// Usable during hidden volumes creation. + /// Storage only + /// @return string with SD card usage attributes + pub fn NK_get_SD_usage_data_as_string() -> *const ::std::os::raw::c_char; +} +extern "C" { + /// Get progress value of current long operation. + /// Storage only + /// @return int in range 0-100 or -1 if device is not busy + pub fn NK_get_progress_bar_value() -> ::std::os::raw::c_int; +} +extern "C" { + /// Returns a list of connected devices' id's, delimited by ';' character. Empty string is returned on no device found. + /// Each ID could consist of: + /// 1. SC_id:SD_id_p_path (about 40 bytes) + /// 2. path (about 10 bytes) + /// where 'path' is USB path (bus:num), 'SC_id' is smartcard ID, 'SD_id' is storage card ID and + /// '_p_' and ':' are field delimiters. + /// Case 2 (USB path only) is used, when the device cannot be asked about its status data (e.g. during a long operation, + /// like clearing SD card. + /// Internally connects to all available devices and creates a map between ids and connection objects. + /// Side effects: changes active device to last detected Storage device. + /// Storage only + /// @example Example of returned data: '00005d19:dacc2cb4_p_0001:0010:02;000037c7:4cf12445_p_0001:000f:02;0001:000c:02' + /// @return string delimited id's of connected devices + pub fn NK_list_devices_by_cpuID() -> *const ::std::os::raw::c_char; +} +extern "C" { + /// Connects to the device with given ID. ID's list could be created with NK_list_devices_by_cpuID. + /// Requires calling to NK_list_devices_by_cpuID first. Connecting to arbitrary ID/USB path is not handled. + /// On connection requests status from device and disconnects it / removes from map on connection failure. + /// Storage only + /// @param id Target device ID (example: '00005d19:dacc2cb4_p_0001:0010:02') + /// @return 1 on successful connection, 0 otherwise + pub fn NK_connect_with_ID(id: *const ::std::os::raw::c_char) -> ::std::os::raw::c_int; +} @@ -2,7 +2,9 @@ #![allow(non_camel_case_types)] #![allow(non_snake_case)] -include!(concat!(env!("OUT_DIR"), "/bindings.rs")); +mod ffi; + +pub use ffi::*; #[cfg(test)] mod tests { |