feat: version check guards

2025-03-04 05:44:40 +01:00 · 2025-02-15 12:42:43 +01:00 · 2025-02-15 12:42:43 +01:00 · 75c869defd
commit 75c869defd
parent d57c03e643
2 changed files with 29 additions and 4 deletions
--- a/src/lib.rs
+++ b/src/lib.rs
@ -154,6 +154,22 @@ impl OathSession {
        &self.version
    }

+    fn is_at_least_version(&self, minimum_version: Vec<u8>) -> bool {
+        for (local, compare) in self.version.iter().zip(minimum_version) {
+            if *local < compare {
+                return false;
+            }
+        }
+        true
+    }
+
+    pub fn require_version(&self, version: Vec<u8>) -> Result<(), Error> {
+        if !self.is_at_least_version(version.to_owned()) {
+            return Err(Error::Version(self.version.clone(), version));
+        }
+        Ok(())
+    }
+
    pub fn unlock_session(&mut self, key: &[u8]) -> Result<(), Error> {
        let chal = match self.challenge.to_owned() {
            Some(chal) => chal,
@ -240,7 +256,7 @@ impl OathSession {
            return Err(Error::Authentication);
        }

-        // require_version(self.version, (5, 3, 1)) TODO: version checking
+        self.require_version(vec![5, 3, 1])?;
        self.transaction_context.apdu(
            0,
            Instruction::Rename as u8,
@ -337,9 +353,6 @@ impl OathSession {
            let id_data = CredentialIDData::from_tlv(cred_id.value(), meta.tag());
            let code = OathCodeDisplay::from_tlv(meta);

-            // println!("id bytes: {:?}", cred_id.value());
-            // println!("id recon: {:?}", id_data.format_cred_id());
-
            let cred = OathCredential {
                device_id: self.name.clone(),
                id_data,
--- a/src/transaction.rs
+++ b/src/transaction.rs
@ -16,6 +16,7 @@ pub enum Error {
    DeviceMismatch,
    Authentication,
    Random(getrandom::Error),
+    Version(Vec<u8>, Vec<u8>),
 }

 impl Error {
@ -56,6 +57,17 @@ impl Display for Error {
            Self::DeviceMismatch => f.write_str("Devices do not match"),
            Self::Authentication => f.write_str("Authentication failure"),
            Self::Random(error_response) => f.write_fmt(format_args!("{}", error_response)),
+            Self::Version(ver, req) => f.write_fmt(format_args!(
+                "Version requirement not met: is {}, required {}",
+                ver.iter()
+                    .map(u8::to_string)
+                    .collect::<Vec<String>>()
+                    .join("."),
+                req.iter()
+                    .map(u8::to_string)
+                    .collect::<Vec<String>>()
+                    .join(".")
+            )),
        }
    }
 }