turnkey/openpgp-card
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

openpgp-card-sequoia: normalize naming of pin verify fns

Browse source
This commit is contained in:
Heiko Schaefer 2023-09-05 17:38:51 +02:00
parent b6fef9511a
commit 041228a4a2
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D
4 changed files with 25 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
card-functionality/src/tests.rs
View file

@ -513,7 +513,7 @@ pub fn test_verify(mut card: Card<Open>, _param: &[&str]) -> Result<TestOutput,
panic!("Status should be 'SecurityStatusNotSatisfied'"); panic!("Status should be 'SecurityStatusNotSatisfied'");
} }
transaction.verify_admin("12345678")?; transaction.verify_admin_pin("12345678")?;
match transaction.check_admin_verified() { match transaction.check_admin_verified() {
Err(Error::CardStatus(s)) => { Err(Error::CardStatus(s)) => {
@ -535,7 +535,7 @@ pub fn test_verify(mut card: Card<Open>, _param: &[&str]) -> Result<TestOutput,
let cardholder = transaction.cardholder_related_data()?; let cardholder = transaction.cardholder_related_data()?;
assert_eq!(cardholder.name(), Some("Admin<<Hello".as_bytes())); assert_eq!(cardholder.name(), Some("Admin<<Hello".as_bytes()));
transaction.verify_user("123456")?; transaction.verify_user_pin("123456")?;
match transaction.check_user_verified() { match transaction.check_user_verified() {
Err(Error::CardStatus(s)) => { Err(Error::CardStatus(s)) => {
@ -580,7 +580,7 @@ pub fn test_change_pw(mut card: Card<Open>, _param: &[&str]) -> Result<TestOutpu
// ca.change_pw1("123456", "abcdef")?; // ca.change_pw1("123456", "abcdef")?;
println!("verify bad pw1"); println!("verify bad pw1");
match transaction.verify_user("123456ab") { match transaction.verify_user_pin("123456ab") {
Err(Error::CardStatus(StatusBytes::SecurityStatusNotSatisfied)) => { Err(Error::CardStatus(StatusBytes::SecurityStatusNotSatisfied)) => {
// this is expected // this is expected
} }
@ -591,10 +591,10 @@ pub fn test_change_pw(mut card: Card<Open>, _param: &[&str]) -> Result<TestOutpu
} }
println!("verify good pw1"); println!("verify good pw1");
transaction.verify_user("abcdef")?; transaction.verify_user_pin("abcdef")?;
println!("verify bad pw3"); println!("verify bad pw3");
match transaction.verify_admin("00000000") { match transaction.verify_admin_pin("00000000") {
Err(Error::CardStatus(StatusBytes::SecurityStatusNotSatisfied)) => { Err(Error::CardStatus(StatusBytes::SecurityStatusNotSatisfied)) => {
// this is expected // this is expected
} }
@ -605,7 +605,7 @@ pub fn test_change_pw(mut card: Card<Open>, _param: &[&str]) -> Result<TestOutpu
} }
println!("verify good pw3"); println!("verify good pw3");
transaction.verify_admin("abcdefgh")?; transaction.verify_admin_pin("abcdefgh")?;
println!("change pw3 back to default"); println!("change pw3 back to default");
transaction.change_admin_pin("abcdefgh", "12345678")?; transaction.change_admin_pin("abcdefgh", "12345678")?;
@ -631,10 +631,10 @@ pub fn test_reset_retry_counter(
transaction.change_user_pin("123456", "123456")?; transaction.change_user_pin("123456", "123456")?;
println!("break pw1"); println!("break pw1");
let _ = transaction.verify_user("wrong0"); let _ = transaction.verify_user_pin("wrong0");
let _ = transaction.verify_user("wrong0"); let _ = transaction.verify_user_pin("wrong0");
let _ = transaction.verify_user("wrong0"); let _ = transaction.verify_user_pin("wrong0");
let res = transaction.verify_user("wrong0"); let res = transaction.verify_user_pin("wrong0");
match res { match res {
Err(Error::CardStatus(StatusBytes::AuthenticationMethodBlocked)) => { Err(Error::CardStatus(StatusBytes::AuthenticationMethodBlocked)) => {
@ -653,7 +653,7 @@ pub fn test_reset_retry_counter(
} }
println!("verify pw3"); println!("verify pw3");
transaction.verify_admin("12345678")?; transaction.verify_admin_pin("12345678")?;
println!("set resetting code"); println!("set resetting code");
let mut admin = transaction.to_admin_card(None)?; let mut admin = transaction.to_admin_card(None)?;
@ -664,10 +664,10 @@ pub fn test_reset_retry_counter(
let _res = transaction.reset_user_pin("abcdef", "abcdefgh"); let _res = transaction.reset_user_pin("abcdef", "abcdefgh");
println!("verify good pw1"); println!("verify good pw1");
transaction.verify_user("abcdef")?; transaction.verify_user_pin("abcdef")?;
println!("verify bad pw1"); println!("verify bad pw1");
match transaction.verify_user("00000000") { match transaction.verify_user_pin("00000000") {
Err(Error::CardStatus(StatusBytes::SecurityStatusNotSatisfied)) => { Err(Error::CardStatus(StatusBytes::SecurityStatusNotSatisfied)) => {
// this is expected // this is expected
} }

6
openpgp-card-sequoia/examples/test.rs
View file

@ -93,7 +93,7 @@ fn main() -> Result<(), Box<dyn Error>> {
println!("factory reset\n"); println!("factory reset\n");
transaction.factory_reset()?; transaction.factory_reset()?;
transaction.verify_admin("12345678")?; transaction.verify_admin_pin("12345678")?;
println!("verify for admin ok"); println!("verify for admin ok");
let check = transaction.check_user_verified(); let check = transaction.check_user_verified();
@ -152,7 +152,7 @@ fn main() -> Result<(), Box<dyn Error>> {
let check = transaction.check_user_verified(); let check = transaction.check_user_verified();
println!("has user (pw1/82) been verified yet?\n{check:x?}\n"); println!("has user (pw1/82) been verified yet?\n{check:x?}\n");
transaction.verify_user("123456")?; transaction.verify_user_pin("123456")?;
println!("verify for user (pw1/82) ok"); println!("verify for user (pw1/82) ok");
let check = transaction.check_user_verified(); let check = transaction.check_user_verified();
@ -187,7 +187,7 @@ fn main() -> Result<(), Box<dyn Error>> {
let mut transaction = card.transaction()?; let mut transaction = card.transaction()?;
// Sign // Sign
transaction.verify_user_for_signing("123456")?; transaction.verify_user_signing_pin("123456")?;
println!("verify for sign (pw1/81) ok\n"); println!("verify for sign (pw1/81) ok\n");
// Use Sign access to card // Use Sign access to card

17
openpgp-card-sequoia/src/lib.rs
View file

@ -312,7 +312,7 @@ impl<'a> Card<Transaction<'a>> {
} }
/// Verify the User PIN (for operations such as decryption) /// Verify the User PIN (for operations such as decryption)
pub fn verify_user(&mut self, pin: &str) -> Result<(), Error> { pub fn verify_user_pin(&mut self, pin: &str) -> Result<(), Error> {
self.state.opt.verify_pw1_user(pin.as_bytes())?; self.state.opt.verify_pw1_user(pin.as_bytes())?;
self.state.pw1 = true; self.state.pw1 = true;
Ok(()) Ok(())
@ -333,7 +333,7 @@ impl<'a> Card<Transaction<'a>> {
/// (Note that depending on the configuration of the card, this may enable /// (Note that depending on the configuration of the card, this may enable
/// performing just one signing operation, or an unlimited amount of /// performing just one signing operation, or an unlimited amount of
/// signing operations). /// signing operations).
pub fn verify_user_for_signing(&mut self, pin: &str) -> Result<(), Error> { pub fn verify_user_signing_pin(&mut self, pin: &str) -> Result<(), Error> {
self.state.opt.verify_pw1_sign(pin.as_bytes())?; self.state.opt.verify_pw1_sign(pin.as_bytes())?;
// FIXME: depending on card mode, pw1_sign is only usable once // FIXME: depending on card mode, pw1_sign is only usable once
@ -344,10 +344,7 @@ impl<'a> Card<Transaction<'a>> {
/// Verify the User PIN for signing operations with a physical PIN pad /// Verify the User PIN for signing operations with a physical PIN pad
/// (if available, see [`Self::feature_pinpad_verify`]). /// (if available, see [`Self::feature_pinpad_verify`]).
pub fn verify_user_for_signing_pinpad( pub fn verify_user_signing_pinpad(&mut self, pinpad_prompt: &dyn Fn()) -> Result<(), Error> {
&mut self,
pinpad_prompt: &dyn Fn(),
) -> Result<(), Error> {
pinpad_prompt(); pinpad_prompt();
self.state.opt.verify_pw1_sign_pinpad()?; self.state.opt.verify_pw1_sign_pinpad()?;
@ -359,7 +356,7 @@ impl<'a> Card<Transaction<'a>> {
} }
/// Verify the Admin PIN. /// Verify the Admin PIN.
pub fn verify_admin(&mut self, pin: &str) -> Result<(), Error> { pub fn verify_admin_pin(&mut self, pin: &str) -> Result<(), Error> {
self.state.opt.verify_pw3(pin.as_bytes())?; self.state.opt.verify_pw3(pin.as_bytes())?;
self.state.pw3 = true; self.state.pw3 = true;
Ok(()) Ok(())
@ -433,7 +430,7 @@ impl<'a> Card<Transaction<'a>> {
let pin: OptionalPin = pin.into(); let pin: OptionalPin = pin.into();
if let Some(pin) = pin.0 { if let Some(pin) = pin.0 {
self.verify_user(String::from_utf8_lossy(pin).as_ref())?; self.verify_user_pin(String::from_utf8_lossy(pin).as_ref())?;
} }
Ok(Card::<User> { Ok(Card::<User> {
@ -452,7 +449,7 @@ impl<'a> Card<Transaction<'a>> {
let pin: OptionalPin = pin.into(); let pin: OptionalPin = pin.into();
if let Some(pin) = pin.0 { if let Some(pin) = pin.0 {
self.verify_user_for_signing(String::from_utf8_lossy(pin).as_ref())?; self.verify_user_signing_pin(String::from_utf8_lossy(pin).as_ref())?;
} }
Ok(Card::<Sign> { Ok(Card::<Sign> {
@ -471,7 +468,7 @@ impl<'a> Card<Transaction<'a>> {
let pin: OptionalPin = pin.into(); let pin: OptionalPin = pin.into();
if let Some(pin) = pin.0 { if let Some(pin) = pin.0 {
self.verify_admin(String::from_utf8_lossy(pin).as_ref())?; self.verify_admin_pin(String::from_utf8_lossy(pin).as_ref())?;
} }
Ok(Card::<Admin> { Ok(Card::<Admin> {

4
openpgp-card-sequoia/src/util.rs
View file

@ -54,9 +54,9 @@ pub fn make_cert(
|op: &mut dyn Fn(&mut dyn sequoia_openpgp::crypto::Signer) -> Result<Signature>| { |op: &mut dyn Fn(&mut dyn sequoia_openpgp::crypto::Signer) -> Result<Signature>| {
// Allow signing on the card // Allow signing on the card
if let Some(pw1) = pw1 { if let Some(pw1) = pw1 {
open.verify_user_for_signing(pw1)?; open.verify_user_signing_pin(pw1)?;
} else { } else {
open.verify_user_for_signing_pinpad(pinpad_prompt)?; open.verify_user_signing_pinpad(pinpad_prompt)?;
} }
let mut sign = open.to_signing_card(None)?; let mut sign = open.to_signing_card(None)?;