From 6732811261cdc17ca0f04d7de8f8016e7f18b5f1 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Fri, 18 Aug 2023 15:04:17 +0200 Subject: [PATCH] Link design document to DESIGN comments --- src/authenticator.rs | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/authenticator.rs b/src/authenticator.rs index 6a2008a7..f20d8e75 100644 --- a/src/authenticator.rs +++ b/src/authenticator.rs @@ -304,7 +304,7 @@ where self.state.runtime.previously = None; } - // DESIGN Allow all commands to be called without PIN verification + // DESIGN (see design.md): Allow all commands to be called without PIN verification // Lazy init: make sure hardware key is initialized self.init()?; @@ -342,7 +342,7 @@ where }; // Call logout after processing, so the PIN-based KEK would not be kept in the memory - // DESIGN -> Per-request authorization + // DESIGN (see design.md): -> Per-request authorization if self.state.runtime.encryption_key.is_some() { // Do not call automatic logout after these commands match command { @@ -411,7 +411,7 @@ where } fn reset(&mut self) -> Result { - // DESIGN Reset: always confirm with touch button + // DESIGN (see design.md): Reset: always confirm with touch button self.user_present()?; // Run any structured cleanup we have @@ -625,7 +625,7 @@ where } fn register(&mut self, register: command::Register<'_>) -> Result { - // DESIGN Registration: require touch button if set on the credential, but not if the PIN was already checked + // DESIGN (see design.md): Registration: require touch button if set on the credential, but not if the PIN was already checked if register.credential.touch_required && register.credential.encryption_key_type != EncryptionKeyType::PinBased { @@ -821,10 +821,10 @@ where update_req: command::UpdateCredential<'_>, _reply: &mut Data, ) -> Result { - // DESIGN Get operation confirmation from user before proceeding + // DESIGN (see design.md): Get operation confirmation from user before proceeding self.user_present()?; - // DESIGN check if the target name is occupied already + // DESIGN (see design.md): check if the target name is occupied already if let Some(new_label) = update_req.new_label { self.err_if_credential_with_label_exists(new_label)?; } @@ -879,7 +879,7 @@ where } fn require_touch_if_needed(&mut self, credential: &CredentialFlat) -> Result<()> { - // DESIGN Daily use: require touch button if set on the credential, but not if the PIN was already checked + // DESIGN (see design.md): Daily use: require touch button if set on the credential, but not if the PIN was already checked // Safety: encryption_key_type should be set for credential during loading in load_credential if credential.touch_required && credential.encryption_key_type.unwrap() != EncryptionKeyType::PinBased @@ -1388,7 +1388,7 @@ where self._extension_logout()?; - // DESIGN Always ask for touch button confirmation before verifying PIN, to prevent + // DESIGN (see design.md): Always ask for touch button confirmation before verifying PIN, to prevent // non-intentional attempt counter use up self.user_present()?; @@ -1408,7 +1408,7 @@ where if self._extension_is_pin_set()? { return Err(Status::SecurityStatusNotSatisfied); } - // DESIGN Set PIN: always confirm with touch button + // DESIGN (see design.md): Set PIN: always confirm with touch button self.user_present()?; let command::SetPin { password } = set_pin; @@ -1427,7 +1427,7 @@ where if !self._extension_is_pin_set()? { return Err(Status::SecurityStatusNotSatisfied); } - // DESIGN Change PIN: always confirm with touch button + // DESIGN (see design.md): Change PIN: always confirm with touch button self.user_present()?; let command::ChangePin {