-rw-r--r--src/auth.rs62
-rw-r--r--tests/device.rs28
2 files changed, 65 insertions, 25 deletions
diff --git a/src/auth.rs b/src/auth.rs
index 0b000f7..5ecb393 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -10,7 +10,7 @@ use nitrokey_sys;
use crate::config::{Config, RawConfig};
use crate::device::{Device, DeviceWrapper, Pro, Storage};
-use crate::error::Error;
+use crate::error::{AuthenticationError, Error};
use crate::otp::{ConfigureOtp, GenerateOtp, OtpMode, OtpSlotData, RawOtpSlotData};
use crate::util::{generate_password, get_command_result, get_cstring, result_from_string};
@@ -63,7 +63,10 @@ pub trait Authenticate<'a> {
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
/// [`RngError`]: enum.CommandError.html#variant.RngError
/// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
- fn authenticate_user(self, password: &str) -> Result<User<'a, Self>, (Self, Error)>
+ fn authenticate_user(
+ self,
+ password: &str,
+ ) -> Result<User<'a, Self>, AuthenticationError<'a, Self>>
where
Self: Device<'a> + Sized;
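Review bot: The doc comment for `authenticate_user` is left untouched although the error type changes: the link definitions visible here still cover only `InvalidString`, `RngError` and `WrongPassword`, and nothing points at `AuthenticationError`. A failed call consumes `self`, so callers need to be told how to get the device back; I would add a line such as `/// On failure, the device is handed back inside the returned AuthenticationError.` to the error documentation, which starts outside this hunk, together with the matching link definition. The same applies to `authenticate_admin` in the next hunk. This is also a breaking change to a public trait signature, so it deserves a changelog entry if the project keeps one.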
@@ -110,7 +113,10 @@ pub trait Authenticate<'a> {
/// [`InvalidString`]: enum.LibraryError.html#variant.InvalidString
/// [`RngError`]: enum.CommandError.html#variant.RngError
/// [`WrongPassword`]: enum.CommandError.html#variant.WrongPassword
- fn authenticate_admin(self, password: &str) -> Result<Admin<'a, Self>, (Self, Error)>
+ fn authenticate_admin(
+ self,
+ password: &str,
+ ) -> Result<Admin<'a, Self>, AuthenticationError<'a, Self>>
where
Self: Device<'a> + Sized;
}
@@ -153,7 +159,11 @@ pub struct Admin<'a, T: Device<'a>> {
marker: marker::PhantomData<&'a T>,
}
-fn authenticate<'a, D, A, T>(device: D, password: &str, callback: T) -> Result<A, (D, Error)>
+fn authenticate<'a, D, A, T>(
+ device: D,
+ password: &str,
+ callback: T,
+) -> Result<A, AuthenticationError<'a, D>>
where
D: Device<'a>,
A: AuthenticatedDevice<D>,
@@ -161,17 +171,17 @@ where
{
let temp_password = match generate_password(TEMPORARY_PASSWORD_LENGTH) {
Ok(temp_password) => temp_password,
- Err(err) => return Err((device, err)),
+ Err(err) => return Err(AuthenticationError::new(err, device)),
};
let password = match get_cstring(password) {
Ok(password) => password,
- Err(err) => return Err((device, err)),
+ Err(err) => return Err(AuthenticationError::new(err, device)),
};
let password_ptr = password.as_ptr();
let temp_password_ptr = temp_password.as_ptr() as *const c_char;
match callback(password_ptr, temp_password_ptr) {
0 => Ok(A::new(device, temp_password)),
- rv => Err((device, Error::from(rv))),
+ rv => Err(AuthenticationError::new(Error::from(rv), device)),
}
}
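Review bot: The `password` C string (a copy of the caller's PIN) is dropped at the end of `authenticate` on every path, and `temp_password` is dropped on the failing `rv` arm, with nothing visible in this hunk clearing either buffer first. Whether `get_cstring` and `generate_password` return types that wipe themselves on drop cannot be seen from here; if they do not, the PIN copy stays in freed heap memory after each attempt. I would either overwrite both buffers before returning or record the gap, e.g. `// NOTE: password and temp_password are not zeroed when dropped`. The function's signature and `where` clause start in the previous hunk.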
@@ -179,7 +189,7 @@ fn authenticate_user_wrapper<'a, T, C>(
device: T,
constructor: C,
password: &str,
-) -> Result<User<'a, DeviceWrapper<'a>>, (DeviceWrapper<'a>, Error)>
+) -> Result<User<'a, DeviceWrapper<'a>>, AuthenticationError<'a, DeviceWrapper<'a>>>
where
T: Device<'a> + 'a,
C: Fn(T) -> DeviceWrapper<'a>,
@@ -187,7 +197,7 @@ where
let result = device.authenticate_user(password);
match result {
Ok(user) => Ok(User::new(constructor(user.device), user.temp_password)),
- Err((device, err)) => Err((constructor(device), err)),
+ Err(err) => Err(err.map_device(constructor)),
}
}
@@ -195,7 +205,7 @@ fn authenticate_admin_wrapper<'a, T, C>(
device: T,
constructor: C,
password: &str,
-) -> Result<Admin<'a, DeviceWrapper<'a>>, (DeviceWrapper<'a>, Error)>
+) -> Result<Admin<'a, DeviceWrapper<'a>>, AuthenticationError<'a, DeviceWrapper<'a>>>
where
T: Device<'a> + 'a,
C: Fn(T) -> DeviceWrapper<'a>,
@@ -203,7 +213,7 @@ where
let result = device.authenticate_admin(password);
match result {
Ok(user) => Ok(Admin::new(constructor(user.device), user.temp_password)),
- Err((device, err)) => Err((constructor(device), err)),
+ Err(err) => Err(err.map_device(constructor)),
}
}
@@ -386,7 +396,10 @@ impl<'a, T: Device<'a>> AuthenticatedDevice<T> for Admin<'a, T> {
}
impl<'a> Authenticate<'a> for DeviceWrapper<'a> {
- fn authenticate_user(self, password: &str) -> Result<User<'a, Self>, (Self, Error)> {
+ fn authenticate_user(
+ self,
+ password: &str,
+ ) -> Result<User<'a, Self>, AuthenticationError<'a, Self>> {
match self {
DeviceWrapper::Storage(storage) => {
authenticate_user_wrapper(storage, DeviceWrapper::Storage, password)
@@ -395,7 +408,10 @@ impl<'a> Authenticate<'a> for DeviceWrapper<'a> {
}
}
- fn authenticate_admin(self, password: &str) -> Result<Admin<'a, Self>, (Self, Error)> {
+ fn authenticate_admin(
+ self,
+ password: &str,
+ ) -> Result<Admin<'a, Self>, AuthenticationError<'a, Self>> {
match self {
DeviceWrapper::Storage(storage) => {
authenticate_admin_wrapper(storage, DeviceWrapper::Storage, password)
@@ -408,13 +424,19 @@ impl<'a> Authenticate<'a> for DeviceWrapper<'a> {
}
impl<'a> Authenticate<'a> for Pro<'a> {
- fn authenticate_user(self, password: &str) -> Result<User<'a, Self>, (Self, Error)> {
+ fn authenticate_user(
+ self,
+ password: &str,
+ ) -> Result<User<'a, Self>, AuthenticationError<'a, Self>> {
authenticate(self, password, |password_ptr, temp_password_ptr| unsafe {
nitrokey_sys::NK_user_authenticate(password_ptr, temp_password_ptr)
})
}
- fn authenticate_admin(self, password: &str) -> Result<Admin<'a, Self>, (Self, Error)> {
+ fn authenticate_admin(
+ self,
+ password: &str,
+ ) -> Result<Admin<'a, Self>, AuthenticationError<'a, Self>> {
authenticate(self, password, |password_ptr, temp_password_ptr| unsafe {
nitrokey_sys::NK_first_authenticate(password_ptr, temp_password_ptr)
})
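Review bot: The `unsafe` blocks around `NK_user_authenticate` and `NK_first_authenticate` carry no `// SAFETY:` comment, so a reader has to go back to `authenticate` to see why the raw pointers are valid. A line such as `// SAFETY: authenticate() keeps both buffers alive until the callback returns` above each call would record that. Whether `temp_password` is NUL-terminated as the C side presumably expects is not visible here and is worth stating in the same comment. The `Storage` impl in the next hunk has the same two blocks, and `authenticate_admin` closes outside this hunk.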
@@ -422,13 +444,19 @@ impl<'a> Authenticate<'a> for Pro<'a> {
}
impl<'a> Authenticate<'a> for Storage<'a> {
- fn authenticate_user(self, password: &str) -> Result<User<'a, Self>, (Self, Error)> {
+ fn authenticate_user(
+ self,
+ password: &str,
+ ) -> Result<User<'a, Self>, AuthenticationError<'a, Self>> {
authenticate(self, password, |password_ptr, temp_password_ptr| unsafe {
nitrokey_sys::NK_user_authenticate(password_ptr, temp_password_ptr)
})
}
- fn authenticate_admin(self, password: &str) -> Result<Admin<'a, Self>, (Self, Error)> {
+ fn authenticate_admin(
+ self,
+ password: &str,
+ ) -> Result<Admin<'a, Self>, AuthenticationError<'a, Self>> {
authenticate(self, password, |password_ptr, temp_password_ptr| unsafe {
nitrokey_sys::NK_first_authenticate(password_ptr, temp_password_ptr)
})
diff --git a/tests/device.rs b/tests/device.rs
index e367558..630dd93 100644
--- a/tests/device.rs
+++ b/tests/device.rs
@@ -103,7 +103,7 @@ where
let result = device.authenticate_admin(&(DEFAULT_ADMIN_PIN.to_owned() + suffix));
let device = match result {
Ok(admin) => admin.device(),
- Err((device, _)) => device,
+ Err(err) => err.into_device(),
};
assert_ok!(count, device.get_admin_retry_count());
return device;
@@ -116,7 +116,7 @@ where
let result = device.authenticate_user(&(DEFAULT_USER_PIN.to_owned() + suffix));
let device = match result {
Ok(admin) => admin.device(),
- Err((device, _)) => device,
+ Err(err) => err.into_device(),
};
assert_ok!(count, device.get_user_retry_count());
return device;
@@ -158,7 +158,10 @@ fn config(device: DeviceWrapper) {
#[test_device]
fn change_user_pin(device: DeviceWrapper) {
let device = device.authenticate_user(DEFAULT_USER_PIN).unwrap().device();
- let device = device.authenticate_user(USER_NEW_PASSWORD).unwrap_err().0;
+ let device = device
+ .authenticate_user(USER_NEW_PASSWORD)
+ .unwrap_err()
+ .into_device();
let mut device = device;
assert_ok!(
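Review bot: `unwrap_err().into_device()` throws the error away, so this step passes for any failure, including a communication or library error, and not only for a rejected PIN. Since the test is meant to show that the new password is not yet accepted, I would check the reason before taking the device back. One way is to route the call through the helper in the last hunk of this file, which matches `*err.as_error()` against an expected `CommandError` (its name is outside the visible hunks), and expect `WrongPassword`. The same pattern appears in the next hunk of `change_user_pin` and in both replaced lines of `change_admin_pin`. `change_user_pin` itself continues past this hunk.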
@@ -166,7 +169,10 @@ fn change_user_pin(device: DeviceWrapper) {
device.change_user_pin(DEFAULT_USER_PIN, USER_NEW_PASSWORD)
);
- let device = device.authenticate_user(DEFAULT_USER_PIN).unwrap_err().0;
+ let device = device
+ .authenticate_user(DEFAULT_USER_PIN)
+ .unwrap_err()
+ .into_device();
let device = device
.authenticate_user(USER_NEW_PASSWORD)
.unwrap()
@@ -191,14 +197,20 @@ fn change_admin_pin(device: DeviceWrapper) {
.authenticate_admin(DEFAULT_ADMIN_PIN)
.unwrap()
.device();
- let mut device = device.authenticate_admin(ADMIN_NEW_PASSWORD).unwrap_err().0;
+ let mut device = device
+ .authenticate_admin(ADMIN_NEW_PASSWORD)
+ .unwrap_err()
+ .into_device();
assert_ok!(
(),
device.change_admin_pin(DEFAULT_ADMIN_PIN, ADMIN_NEW_PASSWORD)
);
- let device = device.authenticate_admin(DEFAULT_ADMIN_PIN).unwrap_err().0;
+ let device = device
+ .authenticate_admin(DEFAULT_ADMIN_PIN)
+ .unwrap_err()
+ .into_device();
let mut device = device
.authenticate_admin(ADMIN_NEW_PASSWORD)
.unwrap()
@@ -229,11 +241,11 @@ where
let result = device.authenticate_user(password);
assert!(result.is_err());
let err = result.unwrap_err();
- match err.1 {
+ match *err.as_error() {
Error::CommandError(err) => assert_eq!(error, err),
_ => assert!(false),
};
- err.0
+ err.into_device()
}
#[test_device]
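Review bot: The fallback arm `_ => assert!(false)` fails without saying which error came back, which makes a wrong-variant failure on real hardware hard to diagnose. Assuming `Error` implements `Debug`, `_ => panic!("unexpected error: {:?}", err.as_error()),` would report it; in that arm `err` is still the outer `AuthenticationError`. The preceding `assert!(result.is_err());` is also redundant, because `unwrap_err()` already panics on `Ok`. The helper's signature is outside this hunk.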