diff options
| author | Robin Krahl <robin.krahl@ireas.org> | 2018-12-23 02:05:32 +0100 |
|---|---|---|
| committer | Daniel Mueller <deso@posteo.net> | 2018-12-24 18:15:27 -0800 |
| commit | 86b3170b1dd4c1955e540f5c914a317302754be1 (patch) | |
| tree | 6dc7b2c760af1e9f84db164de2734306b3a0bb57 /nitrocli/src/commands.rs | |
| parent | b3a0db4508319b10a34a3b58c73369f2fdcd2e5d (diff) | |
| download | nitrocli-86b3170b1dd4c1955e540f5c914a317302754be1.tar.gz nitrocli-86b3170b1dd4c1955e540f5c914a317302754be1.tar.bz2 | |
Implement the otp get subcommand
This patch implements the `otp get` subcommand that allows the user to
generate a one-time password on the Nitrokey device. Before generating
the password, the device configuration is checked so that the user only
has to enter a PIN if it is required for the OTP generation.
Diffstat (limited to 'nitrocli/src/commands.rs')
| -rw-r--r-- | nitrocli/src/commands.rs | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/nitrocli/src/commands.rs b/nitrocli/src/commands.rs index 9761728..a82734e 100644 --- a/nitrocli/src/commands.rs +++ b/nitrocli/src/commands.rs @@ -20,7 +20,9 @@ use std::result; use nitrokey::Device; +use nitrokey::GenerateOtp; +use crate::args; use crate::error::Error; use crate::pinentry; use crate::Result; @@ -30,6 +32,11 @@ fn get_error(msg: &str, err: &nitrokey::CommandError) -> Error { Error::Error(format!("{}: {:?}", msg, err)) } +/// Connect to any Nitrokey device and return it. +fn get_device() -> Result<nitrokey::DeviceWrapper> { + nitrokey::connect().map_err(|_| Error::Error("Nitrokey device not found".to_string())) +} + /// Connect to a Nitrokey Storage device and return it. fn get_storage_device() -> Result<nitrokey::Storage> { nitrokey::Storage::connect() @@ -53,7 +60,6 @@ where } /// Authenticate the given device with the user PIN. -#[allow(unused)] fn authenticate_user<T>(device: T) -> Result<nitrokey::User<T>> where T: Device, @@ -246,3 +252,27 @@ pub fn clear() -> Result<()> { pinentry::clear_passphrase(pinentry::PinType::User)?; Ok(()) } + +fn get_otp<T: GenerateOtp>(slot: u8, algorithm: args::OtpAlgorithm, device: &T) -> Result<String> { + match algorithm { + args::OtpAlgorithm::Hotp => device.get_hotp_code(slot), + args::OtpAlgorithm::Totp => device.get_totp_code(slot), + } + .map_err(|err| get_error("Could not generate OTP", &err)) +} + +/// Generate a one-time password on the Nitrokey device. +pub fn otp_get(slot: u8, algorithm: args::OtpAlgorithm) -> Result<()> { + let device = get_device()?; + let config = device + .get_config() + .map_err(|err| get_error("Could not get device configuration", &err))?; + let otp = if config.user_password { + let user = authenticate_user(device)?; + get_otp(slot, algorithm, &user) + } else { + get_otp(slot, algorithm, &device) + }?; + println!("{}", otp); + Ok(()) +} |