aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Mueller <deso@posteo.net>2019-01-09 15:29:35 -0800
committerDaniel Mueller <deso@posteo.net>2019-01-09 15:29:35 -0800
commit4e83e8f9a79bcd26435b66d9faed72ff98a45555 (patch)
tree35673af41ce1f53a8da5996bcf7604758456c668
parent17203a1a5d91a1749adeca0f108aad8efa979ff3 (diff)
downloadnitrocli-4e83e8f9a79bcd26435b66d9faed72ff98a45555.tar.gz
nitrocli-4e83e8f9a79bcd26435b66d9faed72ff98a45555.tar.bz2
Use 'pin' instead of 'passphrase'
In the past we have used the term 'passphrase' to refer to the data retrieved through the pinentry module and that terminology has permeated the commands module as well. However, on the Nitrokey side we talk about PINs most of the time (despite a lack of an requirement for being actual numbers). In an attempt to unify terminology a bit more, this change renames all occurrences of the term 'passphrase' with PIN. This renaming has the nice side effect of making the code more concise because the latter is much shorter than the former.
-rw-r--r--nitrocli/src/commands.rs94
-rw-r--r--nitrocli/src/pinentry.rs40
2 files changed, 66 insertions, 68 deletions
diff --git a/nitrocli/src/commands.rs b/nitrocli/src/commands.rs
index a5600b1..1d5c67c 100644
--- a/nitrocli/src/commands.rs
+++ b/nitrocli/src/commands.rs
@@ -91,15 +91,11 @@ fn get_storage_device(ctx: &mut args::ExecCtx<'_>) -> Result<nitrokey::Storage>
/// Open the password safe on the given device.
fn get_password_safe(device: &dyn Device) -> Result<nitrokey::PasswordSafe<'_>> {
- try_with_passphrase_and_data(
+ try_with_pin_and_data(
pinentry::PinType::User,
"Could not access the password safe",
(),
- |_, passphrase| {
- device
- .get_password_safe(passphrase)
- .map_err(|err| ((), err))
- },
+ |_, pin| device.get_password_safe(pin).map_err(|err| ((), err)),
)
.map_err(|(_, err)| err)
}
@@ -117,7 +113,7 @@ where
D: Device,
F: Fn(D, &str) -> result::Result<A, (D, nitrokey::CommandError)>,
{
- try_with_passphrase_and_data(pin_type, msg, device, op).map_err(|(_device, err)| err)
+ try_with_pin_and_data(pin_type, msg, device, op).map_err(|(_device, err)| err)
}
/// Authenticate the given device with the user PIN.
@@ -129,7 +125,7 @@ where
device,
pinentry::PinType::User,
"Could not authenticate as user",
- |device, passphrase| device.authenticate_user(passphrase),
+ |device, pin| device.authenticate_user(pin),
)
}
@@ -142,7 +138,7 @@ where
device,
pinentry::PinType::Admin,
"Could not authenticate as admin",
- |device, passphrase| device.authenticate_admin(passphrase),
+ |device, pin| device.authenticate_admin(pin),
)
}
@@ -159,22 +155,22 @@ fn get_volume_status(status: &nitrokey::VolumeStatus) -> &'static str {
}
}
-/// Try to execute the given function with a passphrase queried using pinentry.
+/// Try to execute the given function with a pin queried using pinentry.
///
-/// This function will query the passphrase of the given type from the
-/// user using pinentry. It will then execute the given function. If
-/// this function returns a result, the result will be passed it on. If
-/// it returns a `CommandError::WrongPassword`, the user will be asked
-/// again to enter the passphrase. Otherwise, this function returns an
-/// error containing the given error message. The user will have at
-/// most three tries to get the passphrase right.
+/// This function will query the pin of the given type from the user
+/// using pinentry. It will then execute the given function. If this
+/// function returns a result, the result will be passed it on. If it
+/// returns a `CommandError::WrongPassword`, the user will be asked
+/// again to enter the pin. Otherwise, this function returns an error
+/// containing the given error message. The user will have at most
+/// three tries to get the pin right.
///
/// The data argument can be used to pass on data between the tries. At
/// the first try, this function will call `op` with `data`. At the
/// second or third try, it will call `op` with the data returned by the
/// previous call to `op`.
-fn try_with_passphrase_and_data<D, F, R>(
- pin: pinentry::PinType,
+fn try_with_pin_and_data<D, F, R>(
+ pin_type: pinentry::PinType,
msg: &'static str,
data: D,
op: F,
@@ -186,19 +182,19 @@ where
let mut retry = 3;
let mut error_msg = None;
loop {
- let passphrase = match pinentry::inquire_passphrase(pin, pinentry::Mode::Query, error_msg) {
- Ok(passphrase) => passphrase,
+ let pin = match pinentry::inquire_pin(pin_type, pinentry::Mode::Query, error_msg) {
+ Ok(pin) => pin,
Err(err) => return Err((data, err)),
};
- let passphrase = match String::from_utf8(passphrase) {
- Ok(passphrase) => passphrase,
+ let pin = match String::from_utf8(pin) {
+ Ok(pin) => pin,
Err(err) => return Err((data, Error::from(err))),
};
- match op(data, &passphrase) {
+ match op(data, &pin) {
Ok(result) => return Ok(result),
Err((new_data, err)) => match err {
nitrokey::CommandError::WrongPassword => {
- if let Err(err) = pinentry::clear_passphrase(pin) {
+ if let Err(err) = pinentry::clear_pin(pin_type) {
return Err((new_data, err));
}
retry -= 1;
@@ -217,16 +213,16 @@ where
}
}
-/// Try to execute the given function with a passphrase queried using pinentry.
+/// Try to execute the given function with a pin queried using pinentry.
///
-/// This function behaves exactly as `try_with_passphrase_and_data`, but
+/// This function behaves exactly as `try_with_pin_and_data`, but
/// it refrains from passing any data to it.
-fn try_with_passphrase<F>(pin: pinentry::PinType, msg: &'static str, op: F) -> Result<()>
+fn try_with_pin<F>(pin_type: pinentry::PinType, msg: &'static str, op: F) -> Result<()>
where
F: Fn(&str) -> result::Result<(), nitrokey::CommandError>,
{
- try_with_passphrase_and_data(pin, msg, (), |data, passphrase| {
- op(passphrase).map_err(|err| (data, err))
+ try_with_pin_and_data(pin_type, msg, (), |data, pin| {
+ op(pin).map_err(|err| (data, err))
})
.map_err(|(_data, err)| err)
}
@@ -271,10 +267,10 @@ pub fn status(ctx: &mut args::ExecCtx<'_>) -> Result<()> {
/// Open the encrypted volume on the nitrokey.
pub fn storage_open(ctx: &mut args::ExecCtx<'_>) -> Result<()> {
let device = get_storage_device(ctx)?;
- try_with_passphrase(
+ try_with_pin(
pinentry::PinType::User,
"Opening encrypted volume failed",
- |passphrase| device.enable_encrypted_volume(&passphrase),
+ |pin| device.enable_encrypted_volume(&pin),
)
}
@@ -560,13 +556,13 @@ pub fn otp_status(ctx: &mut args::ExecCtx<'_>, all: bool) -> Result<()> {
/// Clear the PIN stored by various operations.
pub fn pin_clear() -> Result<()> {
- pinentry::clear_passphrase(pinentry::PinType::Admin)?;
- pinentry::clear_passphrase(pinentry::PinType::User)?;
+ pinentry::clear_pin(pinentry::PinType::Admin)?;
+ pinentry::clear_pin(pinentry::PinType::User)?;
Ok(())
}
-fn check_pin(pintype: pinentry::PinType, pin: &str) -> Result<()> {
- let minimum_length = match pintype {
+fn check_pin(pin_type: pinentry::PinType, pin: &str) -> Result<()> {
+ let minimum_length = match pin_type {
pinentry::PinType::Admin => 8,
pinentry::PinType::User => 6,
};
@@ -580,15 +576,15 @@ fn check_pin(pintype: pinentry::PinType, pin: &str) -> Result<()> {
}
}
-fn choose_pin(pintype: pinentry::PinType) -> Result<String> {
- pinentry::clear_passphrase(pintype)?;
- let new_pin = pinentry::inquire_passphrase(pintype, pinentry::Mode::Choose, None)?;
- pinentry::clear_passphrase(pintype)?;
+fn choose_pin(pin_type: pinentry::PinType) -> Result<String> {
+ pinentry::clear_pin(pin_type)?;
+ let new_pin = pinentry::inquire_pin(pin_type, pinentry::Mode::Choose, None)?;
+ pinentry::clear_pin(pin_type)?;
let new_pin = String::from_utf8(new_pin)?;
- check_pin(pintype, &new_pin)?;
+ check_pin(pin_type, &new_pin)?;
- let confirm_pin = pinentry::inquire_passphrase(pintype, pinentry::Mode::Confirm, None)?;
- pinentry::clear_passphrase(pintype)?;
+ let confirm_pin = pinentry::inquire_pin(pin_type, pinentry::Mode::Confirm, None)?;
+ pinentry::clear_pin(pin_type)?;
let confirm_pin = String::from_utf8(confirm_pin)?;
if new_pin != confirm_pin {
@@ -599,13 +595,13 @@ fn choose_pin(pintype: pinentry::PinType) -> Result<String> {
}
/// Change a PIN.
-pub fn pin_set(ctx: &mut args::ExecCtx<'_>, pintype: pinentry::PinType) -> Result<()> {
+pub fn pin_set(ctx: &mut args::ExecCtx<'_>, pin_type: pinentry::PinType) -> Result<()> {
let device = get_device(ctx)?;
- let new_pin = choose_pin(pintype)?;
- try_with_passphrase(
- pintype,
+ let new_pin = choose_pin(pin_type)?;
+ try_with_pin(
+ pin_type,
"Could not change the PIN",
- |current_pin| match pintype {
+ |current_pin| match pin_type {
pinentry::PinType::Admin => device.change_admin_pin(&current_pin, &new_pin),
pinentry::PinType::User => device.change_user_pin(&current_pin, &new_pin),
},
@@ -616,7 +612,7 @@ pub fn pin_set(ctx: &mut args::ExecCtx<'_>, pintype: pinentry::PinType) -> Resul
pub fn pin_unblock(ctx: &mut args::ExecCtx<'_>) -> Result<()> {
let device = get_device(ctx)?;
let user_pin = choose_pin(pinentry::PinType::User)?;
- try_with_passphrase(
+ try_with_pin(
pinentry::PinType::Admin,
"Could not unblock the user PIN",
|admin_pin| device.unlock_user_pin(&admin_pin, &user_pin),
diff --git a/nitrocli/src/pinentry.rs b/nitrocli/src/pinentry.rs
index 0d9fc5f..6c36d73 100644
--- a/nitrocli/src/pinentry.rs
+++ b/nitrocli/src/pinentry.rs
@@ -93,9 +93,9 @@ impl PinType {
/// PIN entry mode for pinentry.
///
-/// This enum describes the context of the pinentry query, for example prompting for the current
-/// PIN or requesting a new PIN. The mode may affect the pinentry description and whether a
-/// quality bar is shown.
+/// This enum describes the context of the pinentry query, for example
+/// prompting for the current PIN or requesting a new PIN. The mode may
+/// affect the pinentry description and whether a quality bar is shown.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Mode {
/// Let the user choose a new PIN.
@@ -112,7 +112,7 @@ impl Mode {
}
}
-fn parse_pinentry_passphrase(response: Vec<u8>) -> Result<Vec<u8>, Error> {
+fn parse_pinentry_pin(response: Vec<u8>) -> Result<Vec<u8>, Error> {
let string = String::from_utf8(response)?;
let lines: Vec<&str> = string.lines().collect();
@@ -138,11 +138,13 @@ fn parse_pinentry_passphrase(response: Vec<u8>) -> Result<Vec<u8>, Error> {
/// Inquire a PIN of the given type from the user.
///
-/// This function inquires a PIN of the given type from the user or returns the cached passphrase,
-/// if available. If an error message is set, it is displayed in the passphrase dialog. The
-/// mode describes the context of the pinentry dialog. It is used to choose an appropriate
-/// description and to decide whether a quality bar is shown in the dialog.
-pub fn inquire_passphrase(
+/// This function inquires a PIN of the given type from the user or
+/// returns the cached pin, if available. If an error message is set,
+/// it is displayed in the pin dialog. The mode describes the context
+/// of the pinentry dialog. It is used to choose an appropriate
+/// description and to decide whether a quality bar is shown in the
+/// dialog.
+pub fn inquire_pin(
pin_type: PinType,
mode: Mode,
error_msg: Option<&str>,
@@ -161,7 +163,7 @@ pub fn inquire_passphrase(
}
command += &args;
// We could also use the --data parameter here to have a more direct
- // representation of the passphrase but the resulting response was
+ // representation of the pin but the resulting response was
// considered more difficult to parse overall. It appears an error
// reported for the GET_PASSPHRASE command does not actually cause
// gpg-connect-agent to exit with a non-zero error code, we have to
@@ -170,7 +172,7 @@ pub fn inquire_passphrase(
.arg(command)
.arg("/bye")
.output()?;
- parse_pinentry_passphrase(output.stdout)
+ parse_pinentry_pin(output.stdout)
}
fn parse_pinentry_response(response: Vec<u8>) -> Result<(), Error> {
@@ -184,8 +186,8 @@ fn parse_pinentry_response(response: Vec<u8>) -> Result<(), Error> {
Err(Error::Error("Unexpected response: ".to_string() + &string))
}
-/// Clear the cached passphrase of the given type.
-pub fn clear_passphrase(pin_type: PinType) -> Result<(), Error> {
+/// Clear the cached pin of the given type.
+pub fn clear_pin(pin_type: PinType) -> Result<(), Error> {
let command = "CLEAR_PASSPHRASE ".to_string() + pin_type.cache_id();
let output = process::Command::new("gpg-connect-agent")
.arg(command)
@@ -200,20 +202,20 @@ mod tests {
use super::*;
#[test]
- fn parse_pinentry_passphrase_good() {
+ fn parse_pinentry_pin_good() {
let response = "D passphrase\nOK\n".to_string().into_bytes();
let expected = "passphrase".to_string().into_bytes();
- assert_eq!(parse_pinentry_passphrase(response).unwrap(), expected)
+ assert_eq!(parse_pinentry_pin(response).unwrap(), expected)
}
#[test]
- fn parse_pinentry_passphrase_error() {
+ fn parse_pinentry_pin_error() {
let error = "83886179 Operation cancelled";
let response = "ERR ".to_string() + error + "\n";
let expected = error;
- let error = parse_pinentry_passphrase(response.to_string().into_bytes());
+ let error = parse_pinentry_pin(response.to_string().into_bytes());
if let Error::Error(ref e) = error.err().unwrap() {
assert_eq!(e, &expected);
@@ -223,11 +225,11 @@ mod tests {
}
#[test]
- fn parse_pinentry_passphrase_unexpected() {
+ fn parse_pinentry_pin_unexpected() {
let response = "foobar\n";
let expected = "Unexpected response: ".to_string() + response;
- let error = parse_pinentry_passphrase(response.to_string().into_bytes());
+ let error = parse_pinentry_pin(response.to_string().into_bytes());
if let Error::Error(ref e) = error.err().unwrap() {
assert_eq!(e, &expected);