Allow three instead of two PIN retries per boot

Previously, a PinAuthBlocked error was already returned after two wrong PIN entries. The reason for this as that decrement_retries also checks if the allowed retries are exceeded. This as unnecessary because pin_blocked is always checked before decrement_retries is called. This patch removes the check in decrement_retries. Fixes: #27
Nitrokey · Jul 7, 2023 · 07b29ce · 07b29ce
1 parent 50589f4
commit 07b29ce
Showing 1 changed file with 2 additions and 7 deletions.
diff --git a/src/state.rs b/src/state.rs
@@ -102,7 +102,7 @@ impl State {
 
     pub fn decrement_retries<T: TrussedClient>(&mut self, trussed: &mut T) -> Result<()> {
         self.persistent.decrement_retries(trussed)?;
-        self.runtime.decrement_retries()?;
+        self.runtime.decrement_retries();
         Ok(())
     }
 
@@ -446,15 +446,10 @@ impl PersistentState {
 impl RuntimeState {
     const POWERCYCLE_RETRIES: u8 = 3;
 
-    fn decrement_retries(&mut self) -> Result<()> {
+    fn decrement_retries(&mut self) {
         if self.consecutive_pin_mismatches < Self::POWERCYCLE_RETRIES {
             self.consecutive_pin_mismatches += 1;
         }
-        if self.consecutive_pin_mismatches == Self::POWERCYCLE_RETRIES {
-            Err(Error::PinAuthBlocked)
-        } else {
-            Ok(())
-        }
     }
 
     fn reset_retries(&mut self) {