turnkey/openpgp-card
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'nora/43' into 'main'

Browse source 
opgpcard: Add error handling for PIN file

Closes #43

See merge request openpgp-card/openpgp-card!29
This commit is contained in:
Heiko 2022-10-28 14:16:14 +00:00
commit 9ab55545f2
7 changed files with 18 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
tools/src/bin/opgpcard/commands/admin.rs
View file

@ -249,7 +249,7 @@ pub fn admin(
let mut open: Card<Open> = backend.into(); let mut open: Card<Open> = backend.into();
let mut card = open.transaction()?; let mut card = open.transaction()?;
let admin_pin = util::get_pin(&mut card, command.admin_pin, ENTER_ADMIN_PIN); let admin_pin = util::get_pin(&mut card, command.admin_pin, ENTER_ADMIN_PIN)?;
match command.cmd { match command.cmd {
AdminSubCommand::Name { name } => { AdminSubCommand::Name { name } => {
@ -498,7 +498,7 @@ fn generate_command(
cmd: AdminGenerateCommand, cmd: AdminGenerateCommand,
) -> Result<()> { ) -> Result<()> {
let user_pin = util::get_pin(&mut card, cmd.user_pin, ENTER_USER_PIN); let user_pin = util::get_pin(&mut card, cmd.user_pin, ENTER_USER_PIN)?;
let mut output = output::AdminGenerate::default(); let mut output = output::AdminGenerate::default();
output.ident(card.application_identifier()?.ident()); output.ident(card.application_identifier()?.ident());

2
tools/src/bin/opgpcard/commands/attestation.rs
View file

@ -146,7 +146,7 @@ fn generate(
let mut open: Card<Open> = backend.into(); let mut open: Card<Open> = backend.into();
let mut card = open.transaction()?; let mut card = open.transaction()?;
let user_pin = util::get_pin(&mut card, user_pin, ENTER_USER_PIN); let user_pin = util::get_pin(&mut card, user_pin, ENTER_USER_PIN)?;
let mut sign = util::verify_to_sign(&mut card, user_pin.as_deref())?; let mut sign = util::verify_to_sign(&mut card, user_pin.as_deref())?;

2
tools/src/bin/opgpcard/commands/decrypt.rs
View file

@ -55,7 +55,7 @@ pub fn decrypt(command: DecryptCommand) -> Result<(), Box<dyn std::error::Error>
return Err(anyhow!("Can't decrypt: this card has no key in the decryption slot.").into()); return Err(anyhow!("Can't decrypt: this card has no key in the decryption slot.").into());
} }
let user_pin = util::get_pin(&mut card, command.pin_file, crate::ENTER_USER_PIN); let user_pin = util::get_pin(&mut card, command.pin_file, crate::ENTER_USER_PIN)?;
let mut user = util::verify_to_user(&mut card, user_pin.as_deref())?; let mut user = util::verify_to_user(&mut card, user_pin.as_deref())?;
let d = user.decryptor(&|| println!("Touch confirmation needed for decryption"))?; let d = user.decryptor(&|| println!("Touch confirmation needed for decryption"))?;

8
tools/src/bin/opgpcard/commands/pin.rs
View file

@ -179,7 +179,7 @@ fn set_user(
let res = if !pinpad_modify { let res = if !pinpad_modify {
// get current user pin // get current user pin
let user_pin1 = util::get_pin(&mut card, user_pin_old, ENTER_USER_PIN) let user_pin1 = util::get_pin(&mut card, user_pin_old, ENTER_USER_PIN)?
.expect("this should never be None"); .expect("this should never be None");
// verify pin // verify pin
@ -223,7 +223,7 @@ fn set_admin(
if !pinpad_modify { if !pinpad_modify {
// get current admin pin // get current admin pin
let admin_pin1 = util::get_pin(&mut card, admin_pin_old, ENTER_ADMIN_PIN) let admin_pin1 = util::get_pin(&mut card, admin_pin_old, ENTER_ADMIN_PIN)?
.expect("this should never be None"); .expect("this should never be None");
// verify pin // verify pin
@ -260,7 +260,7 @@ fn reset_user(
mut card: Card<Transaction>, mut card: Card<Transaction>,
) -> Result<()> { ) -> Result<()> {
// verify admin pin // verify admin pin
match util::get_pin(&mut card, admin_pin, ENTER_ADMIN_PIN) { match util::get_pin(&mut card, admin_pin, ENTER_ADMIN_PIN)? {
Some(admin_pin) => { Some(admin_pin) => {
// verify pin // verify pin
card.verify_admin(&admin_pin)?; card.verify_admin(&admin_pin)?;
@ -299,7 +299,7 @@ fn set_reset(
mut card: Card<Transaction>, mut card: Card<Transaction>,
) -> Result<()> { ) -> Result<()> {
// verify admin pin // verify admin pin
match util::get_pin(&mut card, admin_pin, ENTER_ADMIN_PIN) { match util::get_pin(&mut card, admin_pin, ENTER_ADMIN_PIN)? {
Some(admin_pin) => { Some(admin_pin) => {
// verify pin // verify pin
card.verify_admin(&admin_pin)?; card.verify_admin(&admin_pin)?;

2
tools/src/bin/opgpcard/commands/pubkey.rs
View file

@ -56,7 +56,7 @@ pub fn print_pubkey(
let ident = card.application_identifier()?.ident(); let ident = card.application_identifier()?.ident();
output.ident(ident); output.ident(ident);
let user_pin = util::get_pin(&mut card, command.user_pin, crate::ENTER_USER_PIN); let user_pin = util::get_pin(&mut card, command.user_pin, crate::ENTER_USER_PIN)?;
let pkm = card.public_key(KeyType::Signing)?; let pkm = card.public_key(KeyType::Signing)?;
let times = card.key_generation_times()?; let times = card.key_generation_times()?;

2
tools/src/bin/opgpcard/commands/sign.rs
View file

@ -76,7 +76,7 @@ pub fn sign_detached(
return Err(anyhow!("Can't sign: this card has no key in the signing slot.").into()); return Err(anyhow!("Can't sign: this card has no key in the signing slot.").into());
} }
let user_pin = util::get_pin(&mut card, pin_file, crate::ENTER_USER_PIN); let user_pin = util::get_pin(&mut card, pin_file, crate::ENTER_USER_PIN)?;
let mut sign = util::verify_to_sign(&mut card, user_pin.as_deref())?; let mut sign = util::verify_to_sign(&mut card, user_pin.as_deref())?;
let s = sign.signer(&|| println!("Touch confirmation needed for signing"))?; let s = sign.signer(&|| println!("Touch confirmation needed for signing"))?;

13
tools/src/bin/opgpcard/util.rs
View file

@ -27,17 +27,20 @@ pub(crate) fn get_pin(
card: &mut Card<Transaction<'_>>, card: &mut Card<Transaction<'_>>,
pin_file: Option<PathBuf>, pin_file: Option<PathBuf>,
msg: &str, msg: &str,
) -> Option<Vec<u8>> { ) -> Result<Option<Vec<u8>>> {
if let Some(path) = pin_file { if let Some(path) = pin_file {
// we have a pin file // we have a pin file
Some(load_pin(&path).ok()?) Ok(Some(load_pin(&path).context(format!(
"Failed to read PIN file {}",
path.display()
))?))
} else if !card.feature_pinpad_verify() { } else if !card.feature_pinpad_verify() {
// we have no pin file and no pinpad // we have no pin file and no pinpad
let pin = rpassword::prompt_password(msg).ok()?; let pin = rpassword::prompt_password(msg).context("Failed to read PIN")?;
Some(pin.into_bytes()) Ok(Some(pin.into_bytes()))
} else { } else {
// we have a pinpad // we have a pinpad
None Ok(None)
} }
} }