Check slot status before accessing the PWS

The Nitrokey devices do not check whether a PWS slot is programmed before accessing it (upstream issues [0] [1]). Until this is fixed in the firmware, we have to manually check the slot status in pws get. This could have been done in libnitrokey or the nitrokey crate, yet this would lead to unnecessary commands if we check multiple fields of a slot at the same time. [0] Nitrokey/nitrokey-pro-firmware#56 [1] Nitrokey/nitrokey-storage-firmware#81
d-e-s-o · Jan 27, 2019 · 2809a90 · 2809a90
1 parent c2159f7
commit 2809a90
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/nitrocli/CHANGELOG.md b/nitrocli/CHANGELOG.md
@@ -2,6 +2,7 @@ Unreleased
 ----------
 - Added the `reset` command to perform a factory reset
 - Added the `-V`/`--version` option to print the program's version
+- Check the status of a PWS slot before accessing it in `pws get`
 
 
 0.2.3

diff --git a/nitrocli/src/commands.rs b/nitrocli/src/commands.rs
@@ -757,6 +757,23 @@ fn print_pws_data(
  Ok(())
 }
 
+fn check_slot(pws: &nitrokey::PasswordSafe<'_>, slot: u8) -> Result<()> {
+ if slot >= nitrokey::SLOT_COUNT {
+ return Err(nitrokey::CommandError::InvalidSlot.into());
+ }
+ let status = pws
+ .get_slot_status()
+ .map_err(|err| get_error("Could not read PWS slot status", err))?;
+ if status[slot as usize] {
+ Ok(())
+ } else {
+ Err(get_error(
+ "Could not access PWS slot",
+ nitrokey::CommandError::SlotNotProgrammed,
+ ))
+ }
+}
+
 /// Read a PWS slot.
 pub fn pws_get(
  ctx: &mut args::ExecCtx<'_>,
@@ -768,6 +785,8 @@ pub fn pws_get(
 ) -> Result<()> {
  let device = get_device(ctx)?;
  let pws = get_password_safe(ctx, &device)?;
+ check_slot(&pws, slot)?;
+
  let show_all = !show_name && !show_login && !show_password;
  if show_all || show_name {
  print_pws_data(ctx, "name: ", pws.get_slot_name(slot), quiet)?;