author | Daniel Mueller <deso@posteo.net> | 2019-01-19 19:44:34 -0800 |
---|---|---|
committer | Daniel Mueller <deso@posteo.net> | 2019-01-19 19:44:34 -0800 |
commit | b06d6ac43a12f928ce2a1d4b4d57f4d12de80b15 (patch) | |
tree | 1d99fcd83996dca02e274d4601c6a1c973785b79 | |
parent | 0ab262382e9b7fd4c3f637cd831b6c1641846347 (diff) | |
Introduce PwdEntry struct implementing SecretEntry for passwords
With the required interface for secrets well defined, this change
introduces a second secret type in addition to PINs: passwords. Similar
to a PIN, a password can contain pretty arbitrary characters but
passwords can be retried repeatedly, whereas PINs cause a lockout after
a certain number of failed attempts.
Our first use case for passwords will be for hidden volumes. For those,
we do not want gpg-agent to cache entries and so a password entry
indicates that it is not to be cached through the previously introduced
mechanism for optional caching.
-rw-r--r-- | nitrocli/src/pinentry.rs | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/nitrocli/src/pinentry.rs b/nitrocli/src/pinentry.rs
index ac978fc..f8606ed 100644
--- a/nitrocli/src/pinentry.rs
+++ b/nitrocli/src/pinentry.rs
@@ -121,6 +121,57 @@ impl SecretEntry for PinEntry {
 }
 }
 
+#[derive(Debug)]
+#[allow(unused)]
+pub struct PwdEntry {
+ model: nitrokey::Model,
+ serial: String,
+}
+
+impl PwdEntry {
+ #[allow(unused)]
+ pub fn from<D>(device: &D) -> crate::Result<Self>
+ where
+ D: nitrokey::Device,
+ {
+ let model = device.get_model();
+ let serial = device.get_serial_number()?;
+ Ok(Self { model, serial })
+ }
+}
+
+impl SecretEntry for PwdEntry {
+ fn cache_id(&self) -> Option<CowStr> {
+ None
+ }
+
+ fn prompt(&self) -> CowStr {
+ "Password".into()
+ }
+
+ fn description(&self, mode: Mode) -> CowStr {
+ format!(
+ "{} for\rNitrokey {} {}",
+ match mode {
+ Mode::Choose => "Please enter a new hidden volume password",
+ Mode::Confirm => "Please confirm the new hidden volume password",
+ Mode::Query => "Please enter a hidden volume password",
+ },
+ self.model,
+ self.serial,
+ )
+ .into()
+ }
+
+ fn min_len(&self) -> u8 {
+ // More or less arbitrary minimum length based on the fact that the
+ // manual mentions six letter passwords in examples. Users
+ // *probably* should go longer than that, but we don't want to be
+ // too opinionated.
+ 6
+ }
+}
+
 /// Secret entry mode for pinentry.
 ///
 /// This enum describes the context of the pinentry query, for example |
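Review bot: `PwdEntry::cache_id` returning `None` appears to be the only thing that keeps hidden volume passwords out of the gpg-agent cache, yet the code does not say so; the rationale lives only in the commit description. A comment inside the method such as `// Hidden volume passwords must never be cached by gpg-agent, so no cache ID is provided.` would keep a later refactoring from adding an ID by analogy with `PinEntry`. The public `PwdEntry` struct and `PwdEntry::from` also carry no doc comments. The two `#[allow(unused)]` attributes deserve a short note saying when they can be dropped, presumably once the hidden volume commands use the type.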