summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin Krahl <robin.krahl@ireas.org>2018-12-23 01:44:22 +0100
committerDaniel Mueller <deso@posteo.net>2018-12-24 17:51:36 -0800
commit20b7c24247cd273ad519c8dcadc705a6d486f39b (patch)
tree304830e8ff26afd8c1ba7beb2a0968c9b1ca5f08
parente0a7aa80c5c2b049538d9d333e9ce919a4a56dce (diff)
downloadnitrocli-20b7c24247cd273ad519c8dcadc705a6d486f39b.tar.gz
nitrocli-20b7c24247cd273ad519c8dcadc705a6d486f39b.tar.bz2
Implement user and admin authentication
This patch implements authentication with the user or admin PIN. This is a preparation for the `otp get` and `otp set` commands which require user and admin access to the Nitrokey.
-rw-r--r--nitrocli/src/commands.rs46
1 files changed, 46 insertions, 0 deletions
diff --git a/nitrocli/src/commands.rs b/nitrocli/src/commands.rs
index b3e71a1..9761728 100644
--- a/nitrocli/src/commands.rs
+++ b/nitrocli/src/commands.rs
@@ -19,6 +19,8 @@
use std::result;
+use nitrokey::Device;
+
use crate::error::Error;
use crate::pinentry;
use crate::Result;
@@ -34,6 +36,50 @@ fn get_storage_device() -> Result<nitrokey::Storage> {
.or_else(|_| Err(Error::Error("Nitrokey device not found".to_string())))
}
+/// Authenticate the given device using the given PIN type and operation.
+///
+/// If an error occurs, the error message `msg` is used.
+fn authenticate<D, A, F>(
+ device: D,
+ pin_type: pinentry::PinType,
+ msg: &'static str,
+ op: F,
+) -> Result<A>
+where
+ D: Device,
+ F: Fn(D, &str) -> result::Result<A, (D, nitrokey::CommandError)>,
+{
+ try_with_passphrase_and_data(pin_type, msg, device, op).map_err(|(_device, err)| err)
+}
+
+/// Authenticate the given device with the user PIN.
+#[allow(unused)]
+fn authenticate_user<T>(device: T) -> Result<nitrokey::User<T>>
+where
+ T: Device,
+{
+ authenticate(
+ device,
+ pinentry::PinType::User,
+ "Could not authenticate as user",
+ |device, passphrase| device.authenticate_user(passphrase),
+ )
+}
+
+/// Authenticate the given device with the admin PIN.
+#[allow(unused)]
+fn authenticate_admin<T>(device: T) -> Result<nitrokey::Admin<T>>
+where
+ T: Device,
+{
+ authenticate(
+ device,
+ pinentry::PinType::Admin,
+ "Could not authenticate as admin",
+ |device, passphrase| device.authenticate_admin(passphrase),
+ )
+}
+
/// Return a string representation of the given volume status.
fn get_volume_status(status: &nitrokey::VolumeStatus) -> &'static str {
if status.active {