diff options
author | Daniel Mueller <deso@posteo.net> | 2019-01-19 19:15:00 -0800 |
---|---|---|
committer | Daniel Mueller <deso@posteo.net> | 2019-01-19 19:15:00 -0800 |
commit | caa78070f52841191576c4704ebcafd55af0224f (patch) | |
tree | 4a1c8e085e9ff7d01d68b7c1bf4554e18793d7dd | |
parent | d0070bfe5da91cd272993a24cc85bf64c38c21c0 (diff) | |
download | nitrocli-caa78070f52841191576c4704ebcafd55af0224f.tar.gz nitrocli-caa78070f52841191576c4704ebcafd55af0224f.tar.bz2 |
Generalize terminology from "PIN" to "secret"
In the past we have worked solely with PINs. PINs in our (or rather, the
Nitrokey's) sense are not necessarily numbers but they can be reasonably
short in length, because they can only be retried a limited number of
times.
In the future, however, we will introduce the notion of a password,
which does not carry such a restriction.
The commonality between the two is that they are secrets and so with
this change we refer to secrets -- rather than PINs -- in places where
both passwords and PINs can conceptually be used.
-rw-r--r-- | nitrocli/src/pinentry.rs | 75 |
1 files changed, 36 insertions, 39 deletions
diff --git a/nitrocli/src/pinentry.rs b/nitrocli/src/pinentry.rs index 84db16c..94218c4 100644 --- a/nitrocli/src/pinentry.rs +++ b/nitrocli/src/pinentry.rs @@ -94,18 +94,19 @@ impl PinEntry { } } -/// PIN entry mode for pinentry. +/// Secret entry mode for pinentry. /// /// This enum describes the context of the pinentry query, for example -/// prompting for the current PIN or requesting a new PIN. The mode may -/// affect the pinentry description and whether a quality bar is shown. +/// prompting for the current secret or requesting a new one. The mode +/// may affect the pinentry description and whether a quality bar is +/// shown. #[derive(Clone, Copy, Debug, PartialEq)] pub enum Mode { - /// Let the user choose a new PIN. + /// Let the user choose a new secret. Choose, - /// Let the user confirm the previously chosen PIN. + /// Let the user confirm the previously chosen secret. Confirm, - /// Query an existing PIN. + /// Query an existing secret. Query, } @@ -142,21 +143,20 @@ where Err(Error::Error(format!("Unexpected response: {}", string))) } -/// Inquire a PIN of the given type from the user. +/// Inquire a secret from the user. /// -/// This function inquires a PIN of the given type from the user or -/// returns the cached pin, if available. If an error message is set, -/// it is displayed in the pin dialog. The mode describes the context -/// of the pinentry dialog. It is used to choose an appropriate -/// description and to decide whether a quality bar is shown in the -/// dialog. -pub fn inquire(pin_entry: &PinEntry, mode: Mode, error_msg: Option<&str>) -> crate::Result<String> { - let cache_id = pin_entry.cache_id(); +/// This function inquires a secret from the user or returns a cached +/// entry, if available. If an error message is set, it is displayed in +/// the entry dialog. The mode describes the context of the pinentry +/// dialog. It is used to choose an appropriate description and to +/// decide whether a quality bar is shown in the dialog. +pub fn inquire(entry: &PinEntry, mode: Mode, error_msg: Option<&str>) -> crate::Result<String> { + let cache_id = entry.cache_id(); let error_msg = error_msg .map(|msg| msg.replace(" ", "+")) .unwrap_or_else(|| String::from("+")); - let prompt = pin_entry.prompt().replace(" ", "+"); - let description = pin_entry.description(mode).replace(" ", "+"); + let prompt = entry.prompt().replace(" ", "+"); + let description = entry.description(mode).replace(" ", "+"); let args = vec![cache_id, error_msg, prompt, description].join(" "); let mut command = "GET_PASSPHRASE --data ".to_string(); @@ -164,12 +164,9 @@ pub fn inquire(pin_entry: &PinEntry, mode: Mode, error_msg: Option<&str>) -> cra command += "--qualitybar "; } command += &args; - // We could also use the --data parameter here to have a more direct - // representation of the pin but the resulting response was - // considered more difficult to parse overall. It appears an error - // reported for the GET_PASSPHRASE command does not actually cause - // gpg-connect-agent to exit with a non-zero error code, we have to - // evaluate the output to determine success/failure. + // An error reported for the GET_PASSPHRASE command does not actually + // cause gpg-connect-agent to exit with a non-zero error code, we have + // to evaluate the output to determine success/failure. let output = process::Command::new("gpg-connect-agent") .arg(command) .arg("/bye") @@ -177,14 +174,14 @@ pub fn inquire(pin_entry: &PinEntry, mode: Mode, error_msg: Option<&str>) -> cra parse_pinentry_pin(str::from_utf8(&output.stdout)?) } -fn check(pin_type: PinType, pin: &str) -> crate::Result<()> { +fn check(pin_type: PinType, secret: &str) -> crate::Result<()> { let minimum_length = match pin_type { PinType::Admin => 8, PinType::User => 6, }; - if pin.len() < minimum_length { + if secret.len() < minimum_length { Err(Error::Error(format!( - "The PIN must be at least {} characters long", + "The secret must be at least {} characters long", minimum_length ))) } else { @@ -192,19 +189,19 @@ fn check(pin_type: PinType, pin: &str) -> crate::Result<()> { } } -pub fn choose(pin_entry: &PinEntry) -> crate::Result<String> { - clear(pin_entry)?; - let new_pin = inquire(pin_entry, Mode::Choose, None)?; - clear(pin_entry)?; - check(pin_entry.pin_type(), &new_pin)?; +pub fn choose(entry: &PinEntry) -> crate::Result<String> { + clear(entry)?; + let chosen = inquire(entry, Mode::Choose, None)?; + clear(entry)?; + check(entry.pin_type(), &chosen)?; - let confirm_pin = inquire(pin_entry, Mode::Confirm, None)?; - clear(pin_entry)?; + let confirmed = inquire(entry, Mode::Confirm, None)?; + clear(entry)?; - if new_pin != confirm_pin { - Err(Error::from("Entered PINs do not match")) + if chosen != confirmed { + Err(Error::from("Entered secrets do not match")) } else { - Ok(new_pin) + Ok(chosen) } } @@ -222,9 +219,9 @@ where Err(Error::Error(format!("Unexpected response: {}", string))) } -/// Clear the cached pin represented by the given entry. -pub fn clear(pin_entry: &PinEntry) -> Result<(), Error> { - let command = format!("CLEAR_PASSPHRASE {}", pin_entry.cache_id()); +/// Clear the cached secret represented by the given entry. +pub fn clear(entry: &PinEntry) -> Result<(), Error> { + let command = format!("CLEAR_PASSPHRASE {}", entry.cache_id()); let output = process::Command::new("gpg-connect-agent") .arg(command) .arg("/bye") |