From 20b7c24247cd273ad519c8dcadc705a6d486f39b Mon Sep 17 00:00:00 2001
From: Robin Krahl
Date: Sun, 23 Dec 2018 01:44:22 +0100
Subject: Implement user and admin authentication

This patch implements authentication with the user or admin PIN. This is a preparation for the `otp get` and `otp set` commands which require user and admin access to the Nitrokey.
---
 nitrocli/src/commands.rs | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/nitrocli/src/commands.rs b/nitrocli/src/commands.rs
index b3e71a1..9761728 100644
--- a/nitrocli/src/commands.rs
+++ b/nitrocli/src/commands.rs
@@ -19,6 +19,8 @@
 
 use std::result;
 
+use nitrokey::Device;
+
 use crate::error::Error;
 use crate::pinentry;
 use crate::Result;
@@ -34,6 +36,50 @@ fn get_storage_device() -> Result {
 .or_else(|_| Err(Error::Error("Nitrokey device not found".to_string())))
 }
 
+/// Authenticate the given device using the given PIN type and operation.
+///
+/// If an error occurs, the error message `msg` is used.
+fn authenticate(
+ device: D,
+ pin_type: pinentry::PinType,
+ msg: &'static str,
+ op: F,
+) -> Result
+where
+ D: Device,
+ F: Fn(D, &str) -> result::Result,
+{
+ try_with_passphrase_and_data(pin_type, msg, device, op).map_err(|(_device, err)| err)
+}
+
+/// Authenticate the given device with the user PIN.
+#[allow(unused)]
+fn authenticate_user(device: T) -> Result>
+where
+ T: Device,
+{
+ authenticate(
+ device,
+ pinentry::PinType::User,
+ "Could not authenticate as user",
+ |device, passphrase| device.authenticate_user(passphrase),
+ )
+}
+
+/// Authenticate the given device with the admin PIN.
+#[allow(unused)]
+fn authenticate_admin(device: T) -> Result>
+where
+ T: Device,
+{
+ authenticate(
+ device,
+ pinentry::PinType::Admin,
+ "Could not authenticate as admin",
+ |device, passphrase| device.authenticate_admin(passphrase),
+ )
+}
+
 /// Return a string representation of the given volume status.
 fn get_volume_status(status: &nitrokey::VolumeStatus) -> &'static str {
 if status.active {
-- 
cgit v1.2.3
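Review bot: The doc comment on `authenticate` does not mention that the device is consumed and, on failure, lost: `map_err(|(_device, err)| err)` discards the handle that comes back with the error, so a caller of `authenticate_user` or `authenticate_admin` has to reconnect before it can do anything else. I would add `/// The device is consumed; if authentication fails it is dropped and only the error is returned.` Since wrong PINs presumably count against the Nitrokey's retry counter, it is also worth stating how many prompts one call can trigger; that is decided in `try_with_passphrase_and_data`, which is outside this hunk. On both wrappers `#[allow(unused)]` silences the whole `unused` lint group, including inside the function bodies; `#[allow(dead_code)] // remove once the otp commands call this` is narrower and leaves a reminder.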