diff --git a/src/plugin.rs b/src/plugin.rs index 2dc014f..5812ce1 100644 --- a/src/plugin.rs +++ b/src/plugin.rs @@ -213,6 +213,11 @@ impl IdentityPluginV1 for IdentityPlugin { } }; + if let Err(e) = conn.request_pin(&mut callbacks)? { + callbacks.error(e)?.unwrap(); + continue; + } + for (&file_index, stanzas) in files { if file_keys.contains_key(&file_index) { // We decrypted this file with an earlier YubiKey. diff --git a/src/yubikey.rs b/src/yubikey.rs index 1a15eaa..53a5e2e 100644 --- a/src/yubikey.rs +++ b/src/yubikey.rs @@ -316,30 +316,12 @@ impl Stub { } }; - let pin = match callbacks.request_secret(&format!( - "Enter PIN for YubiKey with serial {}", - self.serial - ))? { - Ok(pin) => pin, - Err(_) => { - return Ok(Err(identity::Error::Identity { - index: self.identity_index, - message: format!("A PIN is required for YubiKey with serial {}", self.serial), - })) - } - }; - if let Err(e) = yubikey.verify_pin(pin.expose_secret().as_bytes()) { - return Ok(Err(identity::Error::Identity { - index: self.identity_index, - message: format!("{:?}", Error::YubiKey(e)), - })); - } - Ok(Ok(Connection { yubikey, pk, slot: self.slot, tag: self.tag, + identity_index: self.identity_index, })) } } @@ -349,6 +331,7 @@ pub(crate) struct Connection { pk: Recipient, slot: RetiredSlotId, tag: [u8; 4], + identity_index: usize, } impl Connection { 
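Review bot: In the src/plugin.rs hunk, `conn.request_pin(&mut callbacks)?` runs before the per-file loop reaches `file_keys.contains_key(&file_index)`, so a YubiKey whose files were all unwrapped by an earlier key still prompts for its PIN. A mistyped entry there spends one of the device's limited PIN retries for no benefit. Consider skipping the prompt when nothing is left to decrypt, e.g. `if files.keys().all(|i| file_keys.contains_key(i)) { continue; }` ahead of the call; this assumes `files` is a map keyed by file index, which the loop pattern suggests but the hunk does not show. Separately, `callbacks.error(e)?.unwrap()` appears to panic if the client returns the inner error, so a comment stating why that cannot happen, or explicit handling, would help. The enclosing loop starts and ends outside the hunk.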
@@ -356,6 +339,34 @@ impl Connection { &self.pk } + pub(crate) fn request_pin( + &mut self, + callbacks: &mut dyn Callbacks, + ) -> io::Result> { + let pin = match callbacks.request_secret(&format!( + "Enter PIN for YubiKey with serial {}", + self.yubikey.serial() + ))? { + Ok(pin) => pin, + Err(_) => { + return Ok(Err(identity::Error::Identity { + index: self.identity_index, + message: format!( + "A PIN is required for YubiKey with serial {}", + self.yubikey.serial() + ), + })) + } + }; + if let Err(e) = self.yubikey.verify_pin(pin.expose_secret().as_bytes()) { + return Ok(Err(identity::Error::Identity { + index: self.identity_index, + message: format!("{:?}", Error::YubiKey(e)), + })); + } + Ok(Ok(())) + } + pub(crate) fn unwrap_file_key(&mut self, line: &RecipientLine) -> Result { assert_eq!(self.tag, line.tag);
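Review bot: `request_pin` reports a failed `verify_pin` as `format!("{:?}", Error::YubiKey(e))`, so the user sees the Debug rendering of the error, and a rejected PIN is not distinguished from a transport or device failure. Because each wrong PIN counts against the YubiKey's retry limit, the message should say plainly that the PIN was rejected and, if the error value carries it, how many attempts remain before the PIN is blocked. The new method also has no doc comment; `/// Prompts for the PIN through the callbacks and verifies it on the device; returns Ok(Err(_)) if no PIN is supplied or verification fails.` would record the nested-Result contract for callers.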