summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Mueller <deso@posteo.net>2019-01-19 19:15:00 -0800
committerDaniel Mueller <deso@posteo.net>2019-01-19 19:15:00 -0800
commitcaa78070f52841191576c4704ebcafd55af0224f (patch)
tree4a1c8e085e9ff7d01d68b7c1bf4554e18793d7dd
parentd0070bfe5da91cd272993a24cc85bf64c38c21c0 (diff)
downloadnitrocli-caa78070f52841191576c4704ebcafd55af0224f.tar.gz
nitrocli-caa78070f52841191576c4704ebcafd55af0224f.tar.bz2
Generalize terminology from "PIN" to "secret"
In the past we have worked solely with PINs. PINs in our (or rather, the Nitrokey's) sense are not necessarily numbers but they can be reasonably short in length, because they can only be retried a limited number of times. In the future, however, we will introduce the notion of a password, which does not carry such a restriction. The commonality between the two is that they are secrets and so with this change we refer to secrets -- rather than PINs -- in places where both passwords and PINs can conceptually be used.
-rw-r--r--nitrocli/src/pinentry.rs75
1 files changed, 36 insertions, 39 deletions
diff --git a/nitrocli/src/pinentry.rs b/nitrocli/src/pinentry.rs
index 84db16c..94218c4 100644
--- a/nitrocli/src/pinentry.rs
+++ b/nitrocli/src/pinentry.rs
@@ -94,18 +94,19 @@ impl PinEntry {
}
}
-/// PIN entry mode for pinentry.
+/// Secret entry mode for pinentry.
///
/// This enum describes the context of the pinentry query, for example
-/// prompting for the current PIN or requesting a new PIN. The mode may
-/// affect the pinentry description and whether a quality bar is shown.
+/// prompting for the current secret or requesting a new one. The mode
+/// may affect the pinentry description and whether a quality bar is
+/// shown.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Mode {
- /// Let the user choose a new PIN.
+ /// Let the user choose a new secret.
Choose,
- /// Let the user confirm the previously chosen PIN.
+ /// Let the user confirm the previously chosen secret.
Confirm,
- /// Query an existing PIN.
+ /// Query an existing secret.
Query,
}
@@ -142,21 +143,20 @@ where
Err(Error::Error(format!("Unexpected response: {}", string)))
}
-/// Inquire a PIN of the given type from the user.
+/// Inquire a secret from the user.
///
-/// This function inquires a PIN of the given type from the user or
-/// returns the cached pin, if available. If an error message is set,
-/// it is displayed in the pin dialog. The mode describes the context
-/// of the pinentry dialog. It is used to choose an appropriate
-/// description and to decide whether a quality bar is shown in the
-/// dialog.
-pub fn inquire(pin_entry: &PinEntry, mode: Mode, error_msg: Option<&str>) -> crate::Result<String> {
- let cache_id = pin_entry.cache_id();
+/// This function inquires a secret from the user or returns a cached
+/// entry, if available. If an error message is set, it is displayed in
+/// the entry dialog. The mode describes the context of the pinentry
+/// dialog. It is used to choose an appropriate description and to
+/// decide whether a quality bar is shown in the dialog.
+pub fn inquire(entry: &PinEntry, mode: Mode, error_msg: Option<&str>) -> crate::Result<String> {
+ let cache_id = entry.cache_id();
let error_msg = error_msg
.map(|msg| msg.replace(" ", "+"))
.unwrap_or_else(|| String::from("+"));
- let prompt = pin_entry.prompt().replace(" ", "+");
- let description = pin_entry.description(mode).replace(" ", "+");
+ let prompt = entry.prompt().replace(" ", "+");
+ let description = entry.description(mode).replace(" ", "+");
let args = vec![cache_id, error_msg, prompt, description].join(" ");
let mut command = "GET_PASSPHRASE --data ".to_string();
@@ -164,12 +164,9 @@ pub fn inquire(pin_entry: &PinEntry, mode: Mode, error_msg: Option<&str>) -> cra
command += "--qualitybar ";
}
command += &args;
- // We could also use the --data parameter here to have a more direct
- // representation of the pin but the resulting response was
- // considered more difficult to parse overall. It appears an error
- // reported for the GET_PASSPHRASE command does not actually cause
- // gpg-connect-agent to exit with a non-zero error code, we have to
- // evaluate the output to determine success/failure.
+ // An error reported for the GET_PASSPHRASE command does not actually
+ // cause gpg-connect-agent to exit with a non-zero error code, we have
+ // to evaluate the output to determine success/failure.
let output = process::Command::new("gpg-connect-agent")
.arg(command)
.arg("/bye")
@@ -177,14 +174,14 @@ pub fn inquire(pin_entry: &PinEntry, mode: Mode, error_msg: Option<&str>) -> cra
parse_pinentry_pin(str::from_utf8(&output.stdout)?)
}
-fn check(pin_type: PinType, pin: &str) -> crate::Result<()> {
+fn check(pin_type: PinType, secret: &str) -> crate::Result<()> {
let minimum_length = match pin_type {
PinType::Admin => 8,
PinType::User => 6,
};
- if pin.len() < minimum_length {
+ if secret.len() < minimum_length {
Err(Error::Error(format!(
- "The PIN must be at least {} characters long",
+ "The secret must be at least {} characters long",
minimum_length
)))
} else {
@@ -192,19 +189,19 @@ fn check(pin_type: PinType, pin: &str) -> crate::Result<()> {
}
}
-pub fn choose(pin_entry: &PinEntry) -> crate::Result<String> {
- clear(pin_entry)?;
- let new_pin = inquire(pin_entry, Mode::Choose, None)?;
- clear(pin_entry)?;
- check(pin_entry.pin_type(), &new_pin)?;
+pub fn choose(entry: &PinEntry) -> crate::Result<String> {
+ clear(entry)?;
+ let chosen = inquire(entry, Mode::Choose, None)?;
+ clear(entry)?;
+ check(entry.pin_type(), &chosen)?;
- let confirm_pin = inquire(pin_entry, Mode::Confirm, None)?;
- clear(pin_entry)?;
+ let confirmed = inquire(entry, Mode::Confirm, None)?;
+ clear(entry)?;
- if new_pin != confirm_pin {
- Err(Error::from("Entered PINs do not match"))
+ if chosen != confirmed {
+ Err(Error::from("Entered secrets do not match"))
} else {
- Ok(new_pin)
+ Ok(chosen)
}
}
@@ -222,9 +219,9 @@ where
Err(Error::Error(format!("Unexpected response: {}", string)))
}
-/// Clear the cached pin represented by the given entry.
-pub fn clear(pin_entry: &PinEntry) -> Result<(), Error> {
- let command = format!("CLEAR_PASSPHRASE {}", pin_entry.cache_id());
+/// Clear the cached secret represented by the given entry.
+pub fn clear(entry: &PinEntry) -> Result<(), Error> {
+ let command = format!("CLEAR_PASSPHRASE {}", entry.cache_id());
let output = process::Command::new("gpg-connect-agent")
.arg(command)
.arg("/bye")