From b06d6ac43a12f928ce2a1d4b4d57f4d12de80b15 Mon Sep 17 00:00:00 2001 From: Daniel Mueller Date: Sat, 19 Jan 2019 19:44:34 -0800 Subject: Introduce PwdEntry struct implementing SecretEntry for passwords With the required interface for secrets well defined, this change introduces a second secret type in addition to PINs: passwords. Similar to a PIN, a password can contain pretty arbitrary characters but passwords can be retried repeatedly, whereas PINs cause a lockout after a certain number of failed attempts. Our first use case for passwords will be for hidden volumes. For those, we do not want gpg-agent to cache entries and so a password entry indicates that it is not to be cached through the previously introduced mechanism for optional caching. --- nitrocli/src/pinentry.rs | 51 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/nitrocli/src/pinentry.rs b/nitrocli/src/pinentry.rs index ac978fc..f8606ed 100644 --- a/nitrocli/src/pinentry.rs +++ b/nitrocli/src/pinentry.rs 
@@ -121,6 +121,57 @@ impl SecretEntry for PinEntry {
 }
 }
 
+#[derive(Debug)]
+#[allow(unused)]
+pub struct PwdEntry {
+ model: nitrokey::Model,
+ serial: String,
+}
+
+impl PwdEntry {
+ #[allow(unused)]
+ pub fn from(device: &D) -> crate::Result
+ where
+ D: nitrokey::Device,
+ {
+ let model = device.get_model();
+ let serial = device.get_serial_number()?;
+ Ok(Self { model, serial })
+ }
+}
+
+impl SecretEntry for PwdEntry {
+ fn cache_id(&self) -> Option {
+ None
+ }
+
+ fn prompt(&self) -> CowStr {
+ "Password".into()
+ }
+
+ fn description(&self, mode: Mode) -> CowStr {
+ format!(
+ "{} for\rNitrokey {} {}",
+ match mode {
+ Mode::Choose => "Please enter a new hidden volume password",
+ Mode::Confirm => "Please confirm the new hidden volume password",
+ Mode::Query => "Please enter a hidden volume password",
+ },
+ self.model,
+ self.serial,
+ )
+ .into()
+ }
+
+ fn min_len(&self) -> u8 {
+ // More or less arbitrary minimum length based on the fact that the
+ // manual mentions six letter passwords in examples. Users
+ // *probably* should go longer than that, but we don't want to be
+ // too opinionated.
+ 6
+ }
+}
+
 /// Secret entry mode for pinentry.
 ///
 /// This enum describes the context of the pinentry query, for example
-- cgit v1.2.3
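Review bot: `cache_id` returning `None` is the security-relevant decision in this hunk, but the reason for it is recorded only in the commit message; a comment above the `None` such as `// Hidden volume passwords must never be cached by gpg-agent, so no cache ID is provided.` would keep a later refactor from reintroducing caching by accident. The public `PwdEntry` struct and its `from` constructor also have no `///` docs, while the item that follows the hunk does. The commit message says passwords can be retried without a lockout, so the six-character floor in `min_len` is the only strength check visible in this hunk; its comment could say so, e.g. `// Passwords have no retry lockout, so this floor is the only strength check applied here.` Both `#[allow(unused)]` attributes should come out once the first caller lands, so that dead-code warnings work again for this type.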