Move verify_pin after Stub::connect
If all we want is to determine the recipient, we don't need to verify the PIN. Closes str4d/age-plugin-yubikey#30.
@@ -213,6 +213,11 @@ impl IdentityPluginV1 for IdentityPlugin {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
if let Err(e) = conn.request_pin(&mut callbacks)? {
|
||||||
|
callbacks.error(e)?.unwrap();
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
for (&file_index, stanzas) in files {
|
for (&file_index, stanzas) in files {
|
||||||
if file_keys.contains_key(&file_index) {
|
if file_keys.contains_key(&file_index) {
|
||||||
// We decrypted this file with an earlier YubiKey.
|
// We decrypted this file with an earlier YubiKey.
|
||||||
|
|||||||
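Review bot: The `conn.request_pin(&mut callbacks)?` call runs before the `for (&file_index, stanzas) in files` loop, so the user is prompted and a PIN verification is sent to the device even when every file is skipped by the `file_keys.contains_key(&file_index)` check as already decrypted by an earlier YubiKey. A mistyped PIN in that case spends one of the device's PIN retries for nothing. Consider requesting the PIN lazily, on the first file that still needs a key from this YubiKey, for example behind a local `pin_verified` flag. The enclosing loop and the rest of the file loop lie outside the hunk, so a later check that already covers this would not be visible here.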
+30
-19
@@ -316,30 +316,12 @@ impl Stub {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
let pin = match callbacks.request_secret(&format!(
|
|
||||||
"Enter PIN for YubiKey with serial {}",
|
|
||||||
self.serial
|
|
||||||
))? {
|
|
||||||
Ok(pin) => pin,
|
|
||||||
Err(_) => {
|
|
||||||
return Ok(Err(identity::Error::Identity {
|
|
||||||
index: self.identity_index,
|
|
||||||
message: format!("A PIN is required for YubiKey with serial {}", self.serial),
|
|
||||||
}))
|
|
||||||
}
|
|
||||||
};
|
|
||||||
if let Err(e) = yubikey.verify_pin(pin.expose_secret().as_bytes()) {
|
|
||||||
return Ok(Err(identity::Error::Identity {
|
|
||||||
index: self.identity_index,
|
|
||||||
message: format!("{:?}", Error::YubiKey(e)),
|
|
||||||
}));
|
|
||||||
}
|
|
||||||
|
|
||||||
Ok(Ok(Connection {
|
Ok(Ok(Connection {
|
||||||
yubikey,
|
yubikey,
|
||||||
pk,
|
pk,
|
||||||
slot: self.slot,
|
slot: self.slot,
|
||||||
tag: self.tag,
|
tag: self.tag,
|
||||||
|
identity_index: self.identity_index,
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -349,6 +331,7 @@ pub(crate) struct Connection {
|
|||||||
pk: Recipient,
|
pk: Recipient,
|
||||||
slot: RetiredSlotId,
|
slot: RetiredSlotId,
|
||||||
tag: [u8; 4],
|
tag: [u8; 4],
|
||||||
|
identity_index: usize,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Connection {
|
impl Connection {
|
||||||
@@ -356,6 +339,34 @@ impl Connection {
|
|||||||
&self.pk
|
&self.pk
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub(crate) fn request_pin<E>(
|
||||||
|
&mut self,
|
||||||
|
callbacks: &mut dyn Callbacks<E>,
|
||||||
|
) -> io::Result<Result<(), identity::Error>> {
|
||||||
|
let pin = match callbacks.request_secret(&format!(
|
||||||
|
"Enter PIN for YubiKey with serial {}",
|
||||||
|
self.yubikey.serial()
|
||||||
|
))? {
|
||||||
|
Ok(pin) => pin,
|
||||||
|
Err(_) => {
|
||||||
|
return Ok(Err(identity::Error::Identity {
|
||||||
|
index: self.identity_index,
|
||||||
|
message: format!(
|
||||||
|
"A PIN is required for YubiKey with serial {}",
|
||||||
|
self.yubikey.serial()
|
||||||
|
),
|
||||||
|
}))
|
||||||
|
}
|
||||||
|
};
|
||||||
|
if let Err(e) = self.yubikey.verify_pin(pin.expose_secret().as_bytes()) {
|
||||||
|
return Ok(Err(identity::Error::Identity {
|
||||||
|
index: self.identity_index,
|
||||||
|
message: format!("{:?}", Error::YubiKey(e)),
|
||||||
|
}));
|
||||||
|
}
|
||||||
|
Ok(Ok(()))
|
||||||
|
}
|
||||||
|
|
||||||
pub(crate) fn unwrap_file_key(&mut self, line: &RecipientLine) -> Result<FileKey, ()> {
|
pub(crate) fn unwrap_file_key(&mut self, line: &RecipientLine) -> Result<FileKey, ()> {
|
||||||
assert_eq!(self.tag, line.tag);
|
assert_eq!(self.tag, line.tag);
|
||||||
|
|
||||||
|
|||||||
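Review bot: `Connection` no longer implies an authenticated session. Before this change `Stub::connect` returned one only after `verify_pin` succeeded; now `unwrap_file_key` can be reached on a connection where `request_pin` was never called or returned an error. Nothing in the visible lines records the outcome, so the ordering is a convention every caller has to keep. I would state it on the new method, e.g. `/// Prompts for the PIN and verifies it on the device. Must succeed before unwrap_file_key is called; a wrong PIN consumes one device retry.`, or keep a `pin_verified: bool` field that `unwrap_file_key` checks before use. The body of `unwrap_file_key` continues outside the hunk, so it may already fail cleanly in that state.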