From a23c692dc38fe95b1a584663166fd3c9ed251326 Mon Sep 17 00:00:00 2001 From: Daniel Mueller Date: Sun, 9 Apr 2017 20:21:39 -0700 Subject: Detect wrong password during 'open' command When a wrong password is entered when attempting to open the encrypted volume the nitrokey will report that in the form of an error. In such a case we should retry the operation after asking the user for the corrected password. This change implements this logic. Note that because we use gpg-agent for the PIN inquiry and because it caches passwords by default we must make sure to clear the cache before retrying. --- nitrocli/src/main.rs | 34 +++++++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 5 deletions(-) (limited to 'nitrocli/src/main.rs') diff --git a/nitrocli/src/main.rs b/nitrocli/src/main.rs index 92aa79e..d75fe77 100644 --- a/nitrocli/src/main.rs +++ b/nitrocli/src/main.rs @@ -230,13 +230,37 @@ fn status() -> Result<()> { /// Open the encrypted volume on the nitrokey. fn open() -> Result<()> { + type Response = nitrokey::Response; + return nitrokey_do(&|handle| { - let passphrase = pinentry::inquire_passphrase()?; - let payload = nitrokey::EnableEncryptedVolumeCommand::new(&passphrase); - let report = nitrokey::Report::from(payload); + let mut retry = 3; + loop { + let passphrase = pinentry::inquire_passphrase()?; + let payload = nitrokey::EnableEncryptedVolumeCommand::new(&passphrase); + let report = nitrokey::Report::from(payload); - transmit::<_, nitrokey::EmptyPayload>(handle, &report)?; - return Ok(()); + let report = transmit::<_, nitrokey::EmptyPayload>(handle, &report)?; + let response = AsRef::::as_ref(&report.data); + let status = response.data.storage_status; + + if status == nitrokey::StorageStatus::WrongPassword { + pinentry::clear_passphrase()?; + retry -= 1; + + if retry > 0 { + println!("Wrong password, please reenter"); + continue; + } + let error = "Opening encrypted volume failed: Wrong password"; + return Err(Error::Error(error.to_string())); + } + if status != nitrokey::StorageStatus::Okay && status != nitrokey::StorageStatus::Idle { + let status = format!("{:?}", status); + let error = format!("Opening encrypted volume failed: {}", status); + return Err(Error::Error(error)); + } + return Ok(()); + } }); } -- cgit v1.2.1