authorDaniel Mueller <deso@posteo.net>2017-04-09 20:21:39 -0700
committerDaniel Mueller <deso@posteo.net>2017-04-09 20:21:39 -0700
commita23c692dc38fe95b1a584663166fd3c9ed251326 (patch)
tree21f2a08703245b0022da01d7ab6cc312bacfb584 /nitrocli/src/main.rs
parentf94d04578f44fc79212550203838f7c78e1ac414 (diff)
Detect wrong password during 'open' command
When a wrong password is entered when attempting to open the encrypted volume the nitrokey will report that in the form of an error. In such a case we should retry the operation after asking the user for the corrected password. This change implements this logic. Note that because we use gpg-agent for the PIN inquiry and because it caches passwords by default we must make sure to clear the cache before retrying.
Diffstat (limited to 'nitrocli/src/main.rs')
-rw-r--r--nitrocli/src/main.rs34
1 files changed, 29 insertions, 5 deletions
diff --git a/nitrocli/src/main.rs b/nitrocli/src/main.rs
index 92aa79e..d75fe77 100644
--- a/nitrocli/src/main.rs
+++ b/nitrocli/src/main.rs
@@ -230,13 +230,37 @@ fn status() -> Result<()> {
/// Open the encrypted volume on the nitrokey.
fn open() -> Result<()> {
+ type Response = nitrokey::Response<nitrokey::StorageResponse>;
+
return nitrokey_do(&|handle| {
- let passphrase = pinentry::inquire_passphrase()?;
- let payload = nitrokey::EnableEncryptedVolumeCommand::new(&passphrase);
- let report = nitrokey::Report::from(payload);
+ let mut retry = 3;
+ loop {
+ let passphrase = pinentry::inquire_passphrase()?;
+ let payload = nitrokey::EnableEncryptedVolumeCommand::new(&passphrase);
+ let report = nitrokey::Report::from(payload);
- transmit::<_, nitrokey::EmptyPayload>(handle, &report)?;
- return Ok(());
+ let report = transmit::<_, nitrokey::EmptyPayload>(handle, &report)?;
+ let response = AsRef::<Response>::as_ref(&report.data);
+ let status = response.data.storage_status;
+
+ if status == nitrokey::StorageStatus::WrongPassword {
+ pinentry::clear_passphrase()?;
+ retry -= 1;
+
+ if retry > 0 {
+ println!("Wrong password, please reenter");
+ continue;
+ }
+ let error = "Opening encrypted volume failed: Wrong password";
+ return Err(Error::Error(error.to_string()));
+ }
+ if status != nitrokey::StorageStatus::Okay && status != nitrokey::StorageStatus::Idle {
+ let status = format!("{:?}", status);
+ let error = format!("Opening encrypted volume failed: {}", status);
+ return Err(Error::Error(error));
+ }
+ return Ok(());
+ }
});
}
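Review bot: The attempt limit in `open()` is the bare literal `let mut retry = 3;`, and each pass through the loop sends another password guess to the device before the counter is checked. If the nitrokey keeps its own retry counter for this password (not visible in this hunk), a single run can use up every remaining attempt, so the limit should be a named, documented constant such as `const MAX_PASSWORD_ATTEMPTS: u8 = 3;` chosen with that counter in mind. The prompt `"Wrong password, please reenter"` could also tell the user how many attempts are left in this run, so that the final failure does not come as a surprise.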