author | Robin Krahl <robin.krahl@ireas.org> | 2019-01-25 17:03:35 +0000 |
---|---|---|
committer | Daniel Mueller <deso@posteo.net> | 2019-01-26 23:35:09 -0800 |
commit | 2809a90f3a790e3fc0a81ddac58f6de56e783cf2 (patch) | |
tree | 59e1cd39a404dd507ef65d0c1468c8d1e7f2300e /nitrocli/src/commands.rs | |
parent | c2159f7d35c17c9d45fdf8ab01d4c33fd4e9590e (diff) | |
Check slot status before accessing the PWS
The Nitrokey devices do not check whether a PWS slot is programmed
before accessing it (upstream issues [0] [1]). Until this is fixed in
the firmware, we have to manually check the slot status in pws get. This
could have been done in libnitrokey or the nitrokey crate, yet this
would lead to unnecessary commands if we check multiple fields of a slot
at the same time.
[0] https://github.com/Nitrokey/nitrokey-pro-firmware/issues/56
[1] https://github.com/Nitrokey/nitrokey-storage-firmware/issues/81
Diffstat (limited to 'nitrocli/src/commands.rs')
-rw-r--r-- | nitrocli/src/commands.rs | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/nitrocli/src/commands.rs b/nitrocli/src/commands.rs
index aed0319..82d6240 100644
--- a/nitrocli/src/commands.rs
+++ b/nitrocli/src/commands.rs
@@ -757,6 +757,23 @@ fn print_pws_data(
 Ok(())
 }
 
+fn check_slot(pws: &nitrokey::PasswordSafe<'_>, slot: u8) -> Result<()> {
+ if slot >= nitrokey::SLOT_COUNT {
+ return Err(nitrokey::CommandError::InvalidSlot.into());
+ }
+ let status = pws
+ .get_slot_status()
+ .map_err(|err| get_error("Could not read PWS slot status", err))?;
+ if status[slot as usize] {
+ Ok(())
+ } else {
+ Err(get_error(
+ "Could not access PWS slot",
+ nitrokey::CommandError::SlotNotProgrammed,
+ ))
+ }
+}
+
 /// Read a PWS slot.
 pub fn pws_get(
 ctx: &mut args::ExecCtx<'_>,
@@ -768,6 +785,8 @@ pub fn pws_get(
 ) -> Result<()> {
 let device = get_device(ctx)?;
 let pws = get_password_safe(ctx, &device)?;
+ check_slot(&pws, slot)?;
+
 let show_all = !show_name && !show_login && !show_password;
 if show_all || show_name {
 print_pws_data(ctx, "name: ", pws.get_slot_name(slot), quiet)?; |
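Review bot: check_slot has no doc comment, and nothing in the code records that it is a workaround for firmware that does not itself reject reads of unprogrammed PWS slots, so a later cleanup could drop the call in pws_get as redundant. I would add `/// Ensure that the given PWS slot is programmed before its fields are read.` followed by a line stating that the device firmware does not perform this check and that the function can be removed once the upstream firmware issues named in the commit message are fixed. Separately, the out-of-range branch returns `nitrokey::CommandError::InvalidSlot.into()` while the other two failures go through `get_error` with a message; `return Err(get_error("Could not access PWS slot", nitrokey::CommandError::InvalidSlot));` would make the three paths report consistently, assuming get_error accepts that variant as it does SlotNotProgrammed. The bounds check before `status[slot as usize]` is worth keeping in any case, since it is what prevents an index panic on a user-supplied slot number.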