Move verify_pin after Stub::connect

If all we want is to determine the recipient, we don't need to verify
the PIN.

Closes str4d/age-plugin-yubikey#30.
Jack Grigg
2021-08-20 15:03:25 +01:00
parent 7f43d15942
commit 30f4d00902
2 changed files with 35 additions and 19 deletions
+5
@@ -213,6 +213,11 @@ impl IdentityPluginV1 for IdentityPlugin {
}
};
if let Err(e) = conn.request_pin(&mut callbacks)? {
callbacks.error(e)?.unwrap();
continue;
}
for (&file_index, stanzas) in files {
if file_keys.contains_key(&file_index) {
// We decrypted this file with an earlier YubiKey.
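Review bot: The new `conn.request_pin(&mut callbacks)?` call sits ahead of the `for (&file_index, stanzas) in files` loop, so the user is prompted before it is known whether this YubiKey has any work left; the loop's first check shows that files may already have been decrypted by an earlier YubiKey. When every file is already in `file_keys` the prompt is unnecessary, and a mistyped PIN still reaches `verify_pin`, which on a PIV device normally consumes one of the limited retry attempts. Consider skipping the connection in that case, e.g. `if files.keys().all(|i| file_keys.contains_key(i)) { continue; }` before the request; the type of `files` is not visible here, so adapt this to what it actually is. The enclosing function starts and ends outside the hunk.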
+30 -19
@@ -316,30 +316,12 @@ impl Stub {
}
};
let pin = match callbacks.request_secret(&format!(
"Enter PIN for YubiKey with serial {}",
self.serial
))? {
Ok(pin) => pin,
Err(_) => {
return Ok(Err(identity::Error::Identity {
index: self.identity_index,
message: format!("A PIN is required for YubiKey with serial {}", self.serial),
}))
}
};
if let Err(e) = yubikey.verify_pin(pin.expose_secret().as_bytes()) {
return Ok(Err(identity::Error::Identity {
index: self.identity_index,
message: format!("{:?}", Error::YubiKey(e)),
}));
}
Ok(Ok(Connection {
yubikey,
pk,
slot: self.slot,
tag: self.tag,
identity_index: self.identity_index,
}))
}
}
@@ -349,6 +331,7 @@ pub(crate) struct Connection {
pk: Recipient,
slot: RetiredSlotId,
tag: [u8; 4],
identity_index: usize,
}
impl Connection {
@@ -356,6 +339,34 @@ impl Connection {
&self.pk
}
pub(crate) fn request_pin<E>(
&mut self,
callbacks: &mut dyn Callbacks<E>,
) -> io::Result<Result<(), identity::Error>> {
let pin = match callbacks.request_secret(&format!(
"Enter PIN for YubiKey with serial {}",
self.yubikey.serial()
))? {
Ok(pin) => pin,
Err(_) => {
return Ok(Err(identity::Error::Identity {
index: self.identity_index,
message: format!(
"A PIN is required for YubiKey with serial {}",
self.yubikey.serial()
),
}))
}
};
if let Err(e) = self.yubikey.verify_pin(pin.expose_secret().as_bytes()) {
return Ok(Err(identity::Error::Identity {
index: self.identity_index,
message: format!("{:?}", Error::YubiKey(e)),
}));
}
Ok(Ok(()))
}
pub(crate) fn unwrap_file_key(&mut self, line: &RecipientLine) -> Result<FileKey, ()> {
assert_eq!(self.tag, line.tag);
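Review bot: `Connection::request_pin` has no doc comment, and after this change a `Connection` can exist without a verified PIN, so `unwrap_file_key` now depends on the caller having called `request_pin` first, with nothing in the type recording that. I would add `/// Prompts for the PIN and verifies it on the YubiKey; must succeed before calling unwrap_file_key.` above the function, and note there that a failed verification is returned as `identity::Error::Identity` rather than retried. Separately, `format!("{:?}", Error::YubiKey(e))` puts Debug output into a user-facing message; if `Error` implements `Display`, `{}` would read better. `unwrap_file_key` continues past the end of the hunk.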