diff options
author | Robin Krahl <robin.krahl@ireas.org> | 2018-12-23 01:44:22 +0100 |
---|---|---|
committer | Daniel Mueller <deso@posteo.net> | 2018-12-24 17:51:36 -0800 |
commit | 20b7c24247cd273ad519c8dcadc705a6d486f39b (patch) | |
tree | 304830e8ff26afd8c1ba7beb2a0968c9b1ca5f08 | |
parent | e0a7aa80c5c2b049538d9d333e9ce919a4a56dce (diff) | |
download | nitrocli-20b7c24247cd273ad519c8dcadc705a6d486f39b.tar.gz nitrocli-20b7c24247cd273ad519c8dcadc705a6d486f39b.tar.bz2 |
Implement user and admin authentication
This patch implements authentication with the user or admin PIN. This
is a preparation for the `otp get` and `otp set` commands which require
user and admin access to the Nitrokey.
-rw-r--r-- | nitrocli/src/commands.rs | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/nitrocli/src/commands.rs b/nitrocli/src/commands.rs index b3e71a1..9761728 100644 --- a/nitrocli/src/commands.rs +++ b/nitrocli/src/commands.rs @@ -19,6 +19,8 @@ use std::result; +use nitrokey::Device; + use crate::error::Error; use crate::pinentry; use crate::Result; @@ -34,6 +36,50 @@ fn get_storage_device() -> Result<nitrokey::Storage> { .or_else(|_| Err(Error::Error("Nitrokey device not found".to_string()))) } +/// Authenticate the given device using the given PIN type and operation. +/// +/// If an error occurs, the error message `msg` is used. +fn authenticate<D, A, F>( + device: D, + pin_type: pinentry::PinType, + msg: &'static str, + op: F, +) -> Result<A> +where + D: Device, + F: Fn(D, &str) -> result::Result<A, (D, nitrokey::CommandError)>, +{ + try_with_passphrase_and_data(pin_type, msg, device, op).map_err(|(_device, err)| err) +} + +/// Authenticate the given device with the user PIN. +#[allow(unused)] +fn authenticate_user<T>(device: T) -> Result<nitrokey::User<T>> +where + T: Device, +{ + authenticate( + device, + pinentry::PinType::User, + "Could not authenticate as user", + |device, passphrase| device.authenticate_user(passphrase), + ) +} + +/// Authenticate the given device with the admin PIN. +#[allow(unused)] +fn authenticate_admin<T>(device: T) -> Result<nitrokey::Admin<T>> +where + T: Device, +{ + authenticate( + device, + pinentry::PinType::Admin, + "Could not authenticate as admin", + |device, passphrase| device.authenticate_admin(passphrase), + ) +} + /// Return a string representation of the given volume status. fn get_volume_status(status: &nitrokey::VolumeStatus) -> &'static str { if status.active { |