opgpcard: Reorganize pin

Nora Widdecke 2022-10-26 13:48:32 +02:00
parent b6dfa08d52
commit 1ecaf396c7
No known key found for this signature in database
GPG key ID: 2D4111B31DBB99B6


@ -7,7 +7,7 @@ use std::path::PathBuf;
use anyhow::Result; use anyhow::Result;
use clap::Parser; use clap::Parser;
use openpgp_card_sequoia::card::Card; use openpgp_card_sequoia::card::{Card, Open};
use crate::util; use crate::util;
use crate::util::{load_pin, print_gnuk_note}; use crate::util::{load_pin, print_gnuk_note};
@ -71,17 +71,51 @@ pub enum PinSubCommand {
} }
pub fn pin(ident: &str, cmd: PinSubCommand) -> Result<()> { pub fn pin(ident: &str, cmd: PinSubCommand) -> Result<()> {
let backend = util::open_card(&ident)?; let backend = util::open_card(ident)?;
let mut card = Card::new(backend); let mut card = Card::new(backend);
let mut open = card.transaction()?; let mut open = card.transaction()?;
let pinpad_modify = open.feature_pinpad_modify(); let pinpad_modify = open.feature_pinpad_modify();
// TODO de-complicate return, remove question marks
match cmd { match cmd {
PinSubCommand::SetUser { PinSubCommand::SetUser {
user_pin_old, user_pin_old,
user_pin_new, user_pin_new,
} => { } => set_user(user_pin_old, user_pin_new, pinpad_modify, open)?,
PinSubCommand::SetAdmin {
admin_pin_old,
admin_pin_new,
} => set_admin(admin_pin_old, admin_pin_new, pinpad_modify, open)?,
// TODO: this doesn't use pinpad_modify, maybe don't compute it before this?
PinSubCommand::ResetUser {
admin_pin,
user_pin_new,
} => reset_user(admin_pin, user_pin_new, open)?,
// TODO: this doesn't use pinpad_modify, maybe don't compute it before this?
PinSubCommand::SetReset {
admin_pin,
reset_code,
} => set_reset(admin_pin, reset_code, open)?,
// TODO: this doesn't use pinpad_modify, maybe don't compute it before this?
PinSubCommand::ResetUserRc {
reset_code,
user_pin_new,
} => reset_user_rc(reset_code, user_pin_new, open)?,
}
Ok(())
}
fn set_user(
user_pin_old: Option<PathBuf>,
user_pin_new: Option<PathBuf>,
pinpad_modify: bool,
mut open: Open,
) -> Result<()> {
let res = if !pinpad_modify { let res = if !pinpad_modify {
// get current user pin // get current user pin
let user_pin1 = util::get_pin(&mut open, user_pin_old, ENTER_USER_PIN) let user_pin1 = util::get_pin(&mut open, user_pin_old, ENTER_USER_PIN)
@ -118,11 +152,15 @@ pub fn pin(ident: &str, cmd: PinSubCommand) -> Result<()> {
} else { } else {
println!("\nUser PIN has been set."); println!("\nUser PIN has been set.");
} }
Ok(())
} }
PinSubCommand::SetAdmin {
admin_pin_old, fn set_admin(
admin_pin_new, admin_pin_old: Option<PathBuf>,
} => { admin_pin_new: Option<PathBuf>,
pinpad_modify: bool,
mut open: Open,
) -> Result<()> {
if !pinpad_modify { if !pinpad_modify {
// get current admin pin // get current admin pin
let admin_pin1 = util::get_pin(&mut open, admin_pin_old, ENTER_ADMIN_PIN) let admin_pin1 = util::get_pin(&mut open, admin_pin_old, ENTER_ADMIN_PIN)
@ -138,10 +176,7 @@ pub fn pin(ident: &str, cmd: PinSubCommand) -> Result<()> {
let pin_new = match admin_pin_new { let pin_new = match admin_pin_new {
None => { None => {
// ask user for new admin pin // ask user for new admin pin
util::input_pin_twice( util::input_pin_twice("Enter new Admin PIN: ", "Repeat the new Admin PIN: ")?
"Enter new Admin PIN: ",
"Repeat the new Admin PIN: ",
)?
} }
Some(path) => load_pin(&path)?, Some(path) => load_pin(&path)?,
}; };
@ -151,19 +186,19 @@ pub fn pin(ident: &str, cmd: PinSubCommand) -> Result<()> {
} else { } else {
// set new admin pin via pinpad // set new admin pin via pinpad
open.change_admin_pin_pinpad(&|| { open.change_admin_pin_pinpad(&|| {
println!( println!("Enter old Admin PIN on card reader pinpad, then new Admin PIN (twice).")
"Enter old Admin PIN on card reader pinpad, then new Admin PIN (twice)."
)
})?; })?;
}; };
println!("\nAdmin PIN has been set."); println!("\nAdmin PIN has been set.");
Ok(())
} }
PinSubCommand::ResetUser { fn reset_user(
admin_pin, admin_pin: Option<PathBuf>,
user_pin_new, user_pin_new: Option<PathBuf>,
} => { mut open: Open,
) -> Result<()> {
// verify admin pin // verify admin pin
match util::get_pin(&mut open, admin_pin, ENTER_ADMIN_PIN) { match util::get_pin(&mut open, admin_pin, ENTER_ADMIN_PIN) {
Some(admin_pin) => { Some(admin_pin) => {
@ -196,12 +231,14 @@ pub fn pin(ident: &str, cmd: PinSubCommand) -> Result<()> {
} else { } else {
println!("\nUser PIN has been set."); println!("\nUser PIN has been set.");
} }
Ok(())
} }
PinSubCommand::SetReset { fn set_reset(
admin_pin, admin_pin: Option<PathBuf>,
reset_code, reset_code: Option<PathBuf>,
} => { mut open: Open,
) -> Result<()> {
// verify admin pin // verify admin pin
match util::get_pin(&mut open, admin_pin, ENTER_ADMIN_PIN) { match util::get_pin(&mut open, admin_pin, ENTER_ADMIN_PIN) {
Some(admin_pin) => { Some(admin_pin) => {
@ -226,15 +263,17 @@ pub fn pin(ident: &str, cmd: PinSubCommand) -> Result<()> {
if let Some(mut admin) = open.admin_card() { if let Some(mut admin) = open.admin_card() {
admin.set_resetting_code(&code)?; admin.set_resetting_code(&code)?;
println!("\nResetting code has been set."); println!("\nResetting code has been set.");
Ok(())
} else { } else {
return Err(anyhow::anyhow!("Failed to use card in admin-mode.").into()); Err(anyhow::anyhow!("Failed to use card in admin-mode.").into())
}; }
} }
PinSubCommand::ResetUserRc { fn reset_user_rc(
reset_code, reset_code: Option<PathBuf>,
user_pin_new, user_pin_new: Option<PathBuf>,
} => { mut open: Open,
) -> Result<()> {
// reset by presenting resetting code // reset by presenting resetting code
let rst = if let Some(path) = reset_code { let rst = if let Some(path) = reset_code {
@ -261,7 +300,5 @@ pub fn pin(ident: &str, cmd: PinSubCommand) -> Result<()> {
} }
Ok(_) => println!("\nUser PIN has been set."), Ok(_) => println!("\nUser PIN has been set."),
} }
}
}
Ok(()) Ok(())
} }
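Review bot: `set_user` now ends in an unconditional `Ok(())` right after the `else { println!("\nUser PIN has been set."); }` branch, and `reset_user` and `reset_user_rc` end the same way. The failure branches of those blocks sit outside the visible hunks, but if they only print a message, a failed PIN change reaches `pin()` as success and its `?` never fires, so a scripted caller passing PIN files would presumably see the command succeed. Now that each helper returns its own `Result<()>`, the failure branch could end with something like `return Err(anyhow::anyhow!("Failed to change the User PIN"));` after printing. That would also let `pin()` return the `match` value directly, which is what the `TODO de-complicate return` comment asks for.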