diff --git a/tools/src/bin/opgpcard/commands/admin.rs b/tools/src/bin/opgpcard/commands/admin.rs index 55215bf..7315900 100644 --- a/tools/src/bin/opgpcard/commands/admin.rs +++ b/tools/src/bin/opgpcard/commands/admin.rs @@ -249,7 +249,7 @@ pub fn admin( let mut open: Card = backend.into(); let mut card = open.transaction()?; - let admin_pin = util::get_pin(&mut card, command.admin_pin, ENTER_ADMIN_PIN); + let admin_pin = util::get_pin(&mut card, command.admin_pin, ENTER_ADMIN_PIN)?; match command.cmd { AdminSubCommand::Name { name } => { @@ -498,7 +498,7 @@ fn generate_command( cmd: AdminGenerateCommand, ) -> Result<()> { - let user_pin = util::get_pin(&mut card, cmd.user_pin, ENTER_USER_PIN); + let user_pin = util::get_pin(&mut card, cmd.user_pin, ENTER_USER_PIN)?; let mut output = output::AdminGenerate::default(); output.ident(card.application_identifier()?.ident()); diff --git a/tools/src/bin/opgpcard/commands/attestation.rs b/tools/src/bin/opgpcard/commands/attestation.rs index 8e0b76d..02801bd 100644 --- a/tools/src/bin/opgpcard/commands/attestation.rs +++ b/tools/src/bin/opgpcard/commands/attestation.rs @@ -146,7 +146,7 @@ fn generate( let mut open: Card = backend.into(); let mut card = open.transaction()?; - let user_pin = util::get_pin(&mut card, user_pin, ENTER_USER_PIN); + let user_pin = util::get_pin(&mut card, user_pin, ENTER_USER_PIN)?; let mut sign = util::verify_to_sign(&mut card, user_pin.as_deref())?; diff --git a/tools/src/bin/opgpcard/commands/decrypt.rs b/tools/src/bin/opgpcard/commands/decrypt.rs index 830809c..ffdb98b 100644 --- a/tools/src/bin/opgpcard/commands/decrypt.rs +++ b/tools/src/bin/opgpcard/commands/decrypt.rs @@ -55,7 +55,7 @@ pub fn decrypt(command: DecryptCommand) -> Result<(), Box return Err(anyhow!("Can't decrypt: this card has no key in the decryption slot.").into()); } - let user_pin = util::get_pin(&mut card, command.pin_file, crate::ENTER_USER_PIN); + let user_pin = util::get_pin(&mut card, command.pin_file, crate::ENTER_USER_PIN)?; let mut user = util::verify_to_user(&mut card, user_pin.as_deref())?; let d = user.decryptor(&|| println!("Touch confirmation needed for decryption"))?; diff --git a/tools/src/bin/opgpcard/commands/pin.rs b/tools/src/bin/opgpcard/commands/pin.rs index 94139c8..650f662 100644 --- a/tools/src/bin/opgpcard/commands/pin.rs +++ b/tools/src/bin/opgpcard/commands/pin.rs @@ -179,7 +179,7 @@ fn set_user( let res = if !pinpad_modify { // get current user pin - let user_pin1 = util::get_pin(&mut card, user_pin_old, ENTER_USER_PIN) + let user_pin1 = util::get_pin(&mut card, user_pin_old, ENTER_USER_PIN)? .expect("this should never be None"); // verify pin @@ -223,7 +223,7 @@ fn set_admin( if !pinpad_modify { // get current admin pin - let admin_pin1 = util::get_pin(&mut card, admin_pin_old, ENTER_ADMIN_PIN) + let admin_pin1 = util::get_pin(&mut card, admin_pin_old, ENTER_ADMIN_PIN)? .expect("this should never be None"); // verify pin @@ -260,7 +260,7 @@ fn reset_user( mut card: Card, ) -> Result<()> { // verify admin pin - match util::get_pin(&mut card, admin_pin, ENTER_ADMIN_PIN) { + match util::get_pin(&mut card, admin_pin, ENTER_ADMIN_PIN)? { Some(admin_pin) => { // verify pin card.verify_admin(&admin_pin)?; @@ -299,7 +299,7 @@ fn set_reset( mut card: Card, ) -> Result<()> { // verify admin pin - match util::get_pin(&mut card, admin_pin, ENTER_ADMIN_PIN) { + match util::get_pin(&mut card, admin_pin, ENTER_ADMIN_PIN)? { Some(admin_pin) => { // verify pin card.verify_admin(&admin_pin)?; diff --git a/tools/src/bin/opgpcard/commands/pubkey.rs b/tools/src/bin/opgpcard/commands/pubkey.rs index 2dcfbb8..c8f7708 100644 --- a/tools/src/bin/opgpcard/commands/pubkey.rs +++ b/tools/src/bin/opgpcard/commands/pubkey.rs @@ -56,7 +56,7 @@ pub fn print_pubkey( let ident = card.application_identifier()?.ident(); output.ident(ident); - let user_pin = util::get_pin(&mut card, command.user_pin, crate::ENTER_USER_PIN); + let user_pin = util::get_pin(&mut card, command.user_pin, crate::ENTER_USER_PIN)?; let pkm = card.public_key(KeyType::Signing)?; let times = card.key_generation_times()?; diff --git a/tools/src/bin/opgpcard/commands/sign.rs b/tools/src/bin/opgpcard/commands/sign.rs index e00e9c1..901cf0f 100644 --- a/tools/src/bin/opgpcard/commands/sign.rs +++ b/tools/src/bin/opgpcard/commands/sign.rs @@ -76,7 +76,7 @@ pub fn sign_detached( return Err(anyhow!("Can't sign: this card has no key in the signing slot.").into()); } - let user_pin = util::get_pin(&mut card, pin_file, crate::ENTER_USER_PIN); + let user_pin = util::get_pin(&mut card, pin_file, crate::ENTER_USER_PIN)?; let mut sign = util::verify_to_sign(&mut card, user_pin.as_deref())?; let s = sign.signer(&|| println!("Touch confirmation needed for signing"))?; diff --git a/tools/src/bin/opgpcard/util.rs b/tools/src/bin/opgpcard/util.rs index a2d7b0c..1e3b302 100644 --- a/tools/src/bin/opgpcard/util.rs +++ b/tools/src/bin/opgpcard/util.rs @@ -27,17 +27,20 @@ pub(crate) fn get_pin( card: &mut Card>, pin_file: Option, msg: &str, -) -> Option> { +) -> Result>> { if let Some(path) = pin_file { // we have a pin file - Some(load_pin(&path).ok()?) + Ok(Some(load_pin(&path).context(format!( + "Failed to read PIN file {}", + path.display() + ))?)) } else if !card.feature_pinpad_verify() { // we have no pin file and no pinpad - let pin = rpassword::prompt_password(msg).ok()?; - Some(pin.into_bytes()) + let pin = rpassword::prompt_password(msg).context("Failed to read PIN")?; + Ok(Some(pin.into_bytes())) } else { // we have a pinpad - None + Ok(None) } }