From 75c869defd5b54b8d3c954ccb22c7e3c13c25403 Mon Sep 17 00:00:00 2001
From: Grimmauld <Grimmauld@grimmauld.de>
Date: Sat, 15 Feb 2025 12:42:43 +0100
Subject: [PATCH] feat: version check guards

---
 src/lib.rs         | 21 +++++++++++++++++----
 src/transaction.rs | 12 ++++++++++++
 2 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/src/lib.rs b/src/lib.rs
index 4b18758..01257fe 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -154,6 +154,22 @@ impl OathSession {
         &self.version
     }
 
+    fn is_at_least_version(&self, minimum_version: Vec<u8>) -> bool {
+        for (local, compare) in self.version.iter().zip(minimum_version) {
+            if *local < compare {
+                return false;
+            }
+        }
+        true
+    }
+
+    pub fn require_version(&self, version: Vec<u8>) -> Result<(), Error> {
+        if !self.is_at_least_version(version.to_owned()) {
+            return Err(Error::Version(self.version.clone(), version));
+        }
+        Ok(())
+    }
+
     pub fn unlock_session(&mut self, key: &[u8]) -> Result<(), Error> {
         let chal = match self.challenge.to_owned() {
             Some(chal) => chal,
@@ -240,7 +256,7 @@ impl OathSession {
             return Err(Error::Authentication);
         }
 
-        // require_version(self.version, (5, 3, 1)) TODO: version checking
+        self.require_version(vec![5, 3, 1])?;
         self.transaction_context.apdu(
             0,
             Instruction::Rename as u8,
@@ -337,9 +353,6 @@ impl OathSession {
             let id_data = CredentialIDData::from_tlv(cred_id.value(), meta.tag());
             let code = OathCodeDisplay::from_tlv(meta);
 
-            // println!("id bytes: {:?}", cred_id.value());
-            // println!("id recon: {:?}", id_data.format_cred_id());
-
             let cred = OathCredential {
                 device_id: self.name.clone(),
                 id_data,
diff --git a/src/transaction.rs b/src/transaction.rs
index 571dec2..414dd3b 100644
--- a/src/transaction.rs
+++ b/src/transaction.rs
@@ -16,6 +16,7 @@ pub enum Error {
     DeviceMismatch,
     Authentication,
     Random(getrandom::Error),
+    Version(Vec<u8>, Vec<u8>),
 }
 
 impl Error {
@@ -56,6 +57,17 @@ impl Display for Error {
             Self::DeviceMismatch => f.write_str("Devices do not match"),
             Self::Authentication => f.write_str("Authentication failure"),
             Self::Random(error_response) => f.write_fmt(format_args!("{}", error_response)),
+            Self::Version(ver, req) => f.write_fmt(format_args!(
+                "Version requirement not met: is {}, required {}",
+                ver.iter()
+                    .map(u8::to_string)
+                    .collect::<Vec<String>>()
+                    .join("."),
+                req.iter()
+                    .map(u8::to_string)
+                    .collect::<Vec<String>>()
+                    .join(".")
+            )),
         }
     }
 }