opgpcard: Add error handling for PIN file

- If a PIN file could not be read, there is no error and the program proceeds as if no PIN file argument was given. - Add error handling for read errors of the PIN file. Fixes #43
2022-10-28 13:12:15 +02:00 · 2022-10-28 13:12:15 +02:00 · 3169855e5c
commit 3169855e5c
parent 538dc16165
7 changed files with 18 additions and 15 deletions
--- a/tools/src/bin/opgpcard/commands/admin.rs
+++ b/tools/src/bin/opgpcard/commands/admin.rs
@ -249,7 +249,7 @@ pub fn admin(
    let mut open: Card<Open> = backend.into();
    let mut card = open.transaction()?;

-    let admin_pin = util::get_pin(&mut card, command.admin_pin, ENTER_ADMIN_PIN);
+    let admin_pin = util::get_pin(&mut card, command.admin_pin, ENTER_ADMIN_PIN)?;

    match command.cmd {
        AdminSubCommand::Name { name } => {
@ -498,7 +498,7 @@ fn generate_command(

    cmd: AdminGenerateCommand,
 ) -> Result<()> {
-    let user_pin = util::get_pin(&mut card, cmd.user_pin, ENTER_USER_PIN);
+    let user_pin = util::get_pin(&mut card, cmd.user_pin, ENTER_USER_PIN)?;

    let mut output = output::AdminGenerate::default();
    output.ident(card.application_identifier()?.ident());
--- a/tools/src/bin/opgpcard/commands/attestation.rs
+++ b/tools/src/bin/opgpcard/commands/attestation.rs
@ -146,7 +146,7 @@ fn generate(
    let mut open: Card<Open> = backend.into();
    let mut card = open.transaction()?;

-    let user_pin = util::get_pin(&mut card, user_pin, ENTER_USER_PIN);
+    let user_pin = util::get_pin(&mut card, user_pin, ENTER_USER_PIN)?;

    let mut sign = util::verify_to_sign(&mut card, user_pin.as_deref())?;

--- a/tools/src/bin/opgpcard/commands/decrypt.rs
+++ b/tools/src/bin/opgpcard/commands/decrypt.rs
@ -55,7 +55,7 @@ pub fn decrypt(command: DecryptCommand) -> Result<(), Box<dyn std::error::Error>
        return Err(anyhow!("Can't decrypt: this card has no key in the decryption slot.").into());
    }

-    let user_pin = util::get_pin(&mut card, command.pin_file, crate::ENTER_USER_PIN);
+    let user_pin = util::get_pin(&mut card, command.pin_file, crate::ENTER_USER_PIN)?;

    let mut user = util::verify_to_user(&mut card, user_pin.as_deref())?;
    let d = user.decryptor(&|| println!("Touch confirmation needed for decryption"))?;
--- a/tools/src/bin/opgpcard/commands/pin.rs
+++ b/tools/src/bin/opgpcard/commands/pin.rs
@ -179,7 +179,7 @@ fn set_user(

    let res = if !pinpad_modify {
        // get current user pin
-        let user_pin1 = util::get_pin(&mut card, user_pin_old, ENTER_USER_PIN)
+        let user_pin1 = util::get_pin(&mut card, user_pin_old, ENTER_USER_PIN)?
            .expect("this should never be None");

        // verify pin
@ -223,7 +223,7 @@ fn set_admin(

    if !pinpad_modify {
        // get current admin pin
-        let admin_pin1 = util::get_pin(&mut card, admin_pin_old, ENTER_ADMIN_PIN)
+        let admin_pin1 = util::get_pin(&mut card, admin_pin_old, ENTER_ADMIN_PIN)?
            .expect("this should never be None");

        // verify pin
@ -260,7 +260,7 @@ fn reset_user(
    mut card: Card<Transaction>,
 ) -> Result<()> {
    // verify admin pin
-    match util::get_pin(&mut card, admin_pin, ENTER_ADMIN_PIN) {
+    match util::get_pin(&mut card, admin_pin, ENTER_ADMIN_PIN)? {
        Some(admin_pin) => {
            // verify pin
            card.verify_admin(&admin_pin)?;
@ -299,7 +299,7 @@ fn set_reset(
    mut card: Card<Transaction>,
 ) -> Result<()> {
    // verify admin pin
-    match util::get_pin(&mut card, admin_pin, ENTER_ADMIN_PIN) {
+    match util::get_pin(&mut card, admin_pin, ENTER_ADMIN_PIN)? {
        Some(admin_pin) => {
            // verify pin
            card.verify_admin(&admin_pin)?;
--- a/tools/src/bin/opgpcard/commands/pubkey.rs
+++ b/tools/src/bin/opgpcard/commands/pubkey.rs
@ -56,7 +56,7 @@ pub fn print_pubkey(
    let ident = card.application_identifier()?.ident();
    output.ident(ident);

-    let user_pin = util::get_pin(&mut card, command.user_pin, crate::ENTER_USER_PIN);
+    let user_pin = util::get_pin(&mut card, command.user_pin, crate::ENTER_USER_PIN)?;

    let pkm = card.public_key(KeyType::Signing)?;
    let times = card.key_generation_times()?;
--- a/tools/src/bin/opgpcard/commands/sign.rs
+++ b/tools/src/bin/opgpcard/commands/sign.rs
@ -76,7 +76,7 @@ pub fn sign_detached(
        return Err(anyhow!("Can't sign: this card has no key in the signing slot.").into());
    }

-    let user_pin = util::get_pin(&mut card, pin_file, crate::ENTER_USER_PIN);
+    let user_pin = util::get_pin(&mut card, pin_file, crate::ENTER_USER_PIN)?;

    let mut sign = util::verify_to_sign(&mut card, user_pin.as_deref())?;
    let s = sign.signer(&|| println!("Touch confirmation needed for signing"))?;
--- a/tools/src/bin/opgpcard/util.rs
+++ b/tools/src/bin/opgpcard/util.rs
@ -27,17 +27,20 @@ pub(crate) fn get_pin(
    card: &mut Card<Transaction<'_>>,
    pin_file: Option<PathBuf>,
    msg: &str,
-) -> Option<Vec<u8>> {
+) -> Result<Option<Vec<u8>>> {
    if let Some(path) = pin_file {
        // we have a pin file
-        Some(load_pin(&path).ok()?)
+        Ok(Some(load_pin(&path).context(format!(
+            "Failed to read PIN file {}",
+            path.display()
+        ))?))
    } else if !card.feature_pinpad_verify() {
        // we have no pin file and no pinpad
-        let pin = rpassword::prompt_password(msg).ok()?;
-        Some(pin.into_bytes())
+        let pin = rpassword::prompt_password(msg).context("Failed to read PIN")?;
+        Ok(Some(pin.into_bytes()))
    } else {
        // we have a pinpad
-        None
+        Ok(None)
    }
 }