keyfork-shard: add message for PIN too short

This commit is contained in:
Ryan Heywood 2023-11-10 18:11:24 -05:00
parent 01fce410a5
commit ca2ce33d7a
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
3 changed files with 22 additions and 12 deletions

1
Cargo.lock generated
View File

@ -1077,6 +1077,7 @@ dependencies = [
"card-backend-pcsc", "card-backend-pcsc",
"keyfork-derive-openpgp", "keyfork-derive-openpgp",
"keyfork-pinentry", "keyfork-pinentry",
"openpgp-card",
"openpgp-card-sequoia", "openpgp-card-sequoia",
"sequoia-openpgp", "sequoia-openpgp",
"serde", "serde",

View File

@ -8,7 +8,7 @@ edition = "2021"
[features] [features]
default = ["openpgp", "openpgp-card"] default = ["openpgp", "openpgp-card"]
openpgp = ["sequoia-openpgp", "prompt"] openpgp = ["sequoia-openpgp", "prompt"]
openpgp-card = ["openpgp-card-sequoia", "card-backend-pcsc", "card-backend"] openpgp-card = ["openpgp-card-sequoia", "card-backend-pcsc", "card-backend", "dep:openpgp-card"]
prompt = ["keyfork-pinentry"] prompt = ["keyfork-pinentry"]
[dependencies] [dependencies]
@ -19,6 +19,7 @@ card-backend-pcsc = { version = "0.5.0", optional = true }
keyfork-derive-openpgp = { version = "0.1.0", path = "../keyfork-derive-openpgp" } keyfork-derive-openpgp = { version = "0.1.0", path = "../keyfork-derive-openpgp" }
keyfork-pinentry = { version = "0.5.0", path = "../keyfork-pinentry", optional = true } keyfork-pinentry = { version = "0.5.0", path = "../keyfork-pinentry", optional = true }
openpgp-card-sequoia = { version = "0.2.0", optional = true } openpgp-card-sequoia = { version = "0.2.0", optional = true }
openpgp-card = { version = "0.4.0", optional = true }
sequoia-openpgp = { version = "1.16.1", optional = true } sequoia-openpgp = { version = "1.16.1", optional = true }
serde = "1.0.188" serde = "1.0.188"
sharks = "0.5.0" sharks = "0.5.0"

View File

@ -13,6 +13,7 @@ use crate::prompt_manager::{PinentryError, PromptManager};
use anyhow::Context; use anyhow::Context;
use card_backend_pcsc::PcscBackend; use card_backend_pcsc::PcscBackend;
use openpgp_card::{Error as CardError, StatusBytes};
use openpgp_card_sequoia::{state::Open, types::Error as SequoiaCardError, Card}; use openpgp_card_sequoia::{state::Open, types::Error as SequoiaCardError, Card};
#[derive(thiserror::Error, Debug)] #[derive(thiserror::Error, Debug)]
@ -52,7 +53,7 @@ fn format_name(input: impl AsRef<str>) -> String {
.as_ref() .as_ref()
.split("<<") .split("<<")
.take(2) .take(2)
.map(|s| s.replace('>', " ")) .map(|s| s.replace('<', " "))
.collect::<Vec<_>>(); .collect::<Vec<_>>();
n.reverse(); n.reverse();
n.join(" ") n.join(" ")
@ -214,11 +215,13 @@ impl DecryptionHelper for &mut SmartcardManager {
.application_identifier() .application_identifier()
.context("Could not load application identifier")? .context("Could not load application identifier")?
.ident(); .ident();
let pw_status = transaction
.pw_status_bytes()
.map_err(Error::PwStatusBytes)?;
let mut pin = None; let mut pin = None;
for _ in 0..pw_status.err_count_pw1() { while transaction
.pw_status_bytes()
.map_err(Error::PwStatusBytes)?
.err_count_pw1()
> 0
{
transaction.reload_ard()?; transaction.reload_ard()?;
let attempts = transaction let attempts = transaction
.pw_status_bytes() .pw_status_bytes()
@ -231,12 +234,17 @@ impl DecryptionHelper for &mut SmartcardManager {
format!("Unlock card {card_id} ({cardholder_name})\n\n{rpea}: {attempts}") format!("Unlock card {card_id} ({cardholder_name})\n\n{rpea}: {attempts}")
}; };
let temp_pin = self.pm.prompt_passphrase("Smartcard User PIN", message)?; let temp_pin = self.pm.prompt_passphrase("Smartcard User PIN", message)?;
if transaction let verification_status =
.verify_user_pin(temp_pin.expose_secret().as_str().trim()) transaction.verify_user_pin(temp_pin.expose_secret().as_str().trim());
.is_ok() match verification_status {
{ Ok(_) => {
pin.replace(temp_pin); pin.replace(temp_pin);
break; break;
}
Err(CardError::CardStatus(StatusBytes::IncorrectParametersCommandDataField)) => {
self.pm.prompt_message("Invalid PIN length entered.")?;
}
Err(_) => {}
} }
} }
let pin = pin.ok_or(Error::InvalidPIN)?; let pin = pin.ok_or(Error::InvalidPIN)?;