From 345c155bb423f6ffd64842ee0fa2689ef5ba2f14 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 1 May 2022 00:10:12 +0000 Subject: [PATCH] Don't print message if YubiKey is waiting for touch The user call-to-action will instead be implemented on the client side, where it can be done in a more forgiving way (allowing the user some time to react before prompting them that it is waiting on the plugin). --- i18n/en-US/age_plugin_yubikey.ftl | 2 -- src/key.rs | 30 ++++++++++-------------------- src/plugin.rs | 2 +- 3 files changed, 11 insertions(+), 23 deletions(-) diff --git a/i18n/en-US/age_plugin_yubikey.ftl b/i18n/en-US/age_plugin_yubikey.ftl index ac7c70c..d924626 100644 --- a/i18n/en-US/age_plugin_yubikey.ftl +++ b/i18n/en-US/age_plugin_yubikey.ftl @@ -164,8 +164,6 @@ plugin-err-pin-too-short = PIN was too short. plugin-err-pin-too-long = PIN was too long. plugin-err-pin-required = A PIN is required for {-yubikey} with serial {$yubikey_serial} -plugin-touch-yk = 👆 Please touch the {-yubikey} - ## Errors err-custom-mgmt-key = Custom unprotected management keys are not supported. diff --git a/src/key.rs b/src/key.rs index f95a39d..ab1dabb 100644 --- a/src/key.rs +++ b/src/key.rs 
@@ -447,26 +447,16 @@ impl Connection { Ok(Ok(())) } - pub(crate) fn unwrap_file_key( - &mut self, - line: &RecipientLine, - callbacks: &mut dyn Callbacks, - ) -> io::Result> { + pub(crate) fn unwrap_file_key(&mut self, line: &RecipientLine) -> Result { assert_eq!(self.tag, line.tag); - // If the touch policy requires it, request a touch. - let requested_touch = match ( + // Check if the touch policy requires a touch. + let needs_touch = match ( self.cached_metadata.as_ref().and_then(|m| m.touch_policy), self.last_touch, ) { - (Some(TouchPolicy::Always), _) | (Some(TouchPolicy::Cached), None) => { - callbacks.message(&fl!("plugin-touch-yk"))?.unwrap(); - true - } - (Some(TouchPolicy::Cached), Some(last)) if last.elapsed() >= FIFTEEN_SECONDS => { - callbacks.message(&fl!("plugin-touch-yk"))?.unwrap(); - true - } + (Some(TouchPolicy::Always), _) | (Some(TouchPolicy::Cached), None) => true, + (Some(TouchPolicy::Cached), Some(last)) if last.elapsed() >= FIFTEEN_SECONDS => true, _ => false, }; @@ -479,11 +469,11 @@ impl Connection { SlotId::Retired(self.slot), ) { Ok(res) => res, - Err(_) => return Ok(Err(())), + Err(_) => return Err(()), }; // If we requested a touch and reached here, the user touched the YubiKey. - if requested_touch { + if needs_touch { if let Some(TouchPolicy::Cached) = self.cached_metadata.as_ref().and_then(|m| m.touch_policy) { @@ -500,10 +490,10 @@ impl Connection { // A failure to decrypt is fatal, because we assume that we won't // encounter 32-bit collisions on the key tag embedded in the header. match aead_decrypt(&enc_key, FILE_KEY_BYTES, &line.encrypted_file_key) { - Ok(pt) => Ok(Ok(TryInto::<[u8; FILE_KEY_BYTES]>::try_into(&pt[..]) + Ok(pt) => Ok(TryInto::<[u8; FILE_KEY_BYTES]>::try_into(&pt[..]) .unwrap() - .into())), - Err(_) => Ok(Err(())), + .into()), + Err(_) => Err(()), } } } diff --git a/src/plugin.rs b/src/plugin.rs index e6671d1..965733e 100644 --- a/src/plugin.rs +++ b/src/plugin.rs 
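Review bot: `unwrap_file_key` no longer records anywhere in the code that it can wait on a physical touch without telling the user. In the `@@ -447,26 +447,16 @@` hunk both touch arms lose their `callbacks.message` call, and the commit description moves the prompt to the client. A doc comment on the function would keep that contract visible, e.g. `/// May wait for a YubiKey touch; emits no prompt itself, the client is expected to show one.` A client without the prompt would presumably leave the user facing a silent stall, so it is worth stating which side owns the call to action. The function body continues past this hunk.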
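Review bot: The unchanged comment `// If we requested a touch and reached here, the user touched the YubiKey.` in the `@@ -479,11 +469,11 @@` hunk is now stale. After this commit the function only computes whether a touch is needed and requests nothing, and the flag it guards is `needs_touch`. Suggested wording: `// If a touch was needed and we reached here, the user touched the YubiKey.` The `if needs_touch` block and the call that ends at `SlotId::Retired(self.slot)` both extend outside the hunk.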
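Review bot: Both failure paths now collapse to `Err(())`, so the caller cannot tell a device-side failure from a ciphertext that failed authentication. This applies to the `Err(_) => Err(())` arm after `aead_decrypt` in the `@@ -500,10 +490,10 @@` hunk and the `Err(_) => return Err(())` arm in the `@@ -479,11 +469,11 @@` hunk. The comment above the match treats a decrypt failure as fatal, whereas a device failure (possibly a touch that never came) may be something the user can retry. A small error type would let `src/plugin.rs` report the two differently, for example (names constructed for illustration) `enum UnwrapError { Device, Decrypt }` with `Err(_) => return Err(UnwrapError::Device),` and `Err(_) => Err(UnwrapError::Decrypt),`. The error arm of the caller's `match` is outside the visible hunk, so how it currently reports the failure is not shown here.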
@@ -222,7 +222,7 @@ impl IdentityPluginV1 for IdentityPlugin { } for (stanza_index, line) in stanzas.iter().enumerate() { - match conn.unwrap_file_key(line, &mut callbacks)? { + match conn.unwrap_file_key(line) { Ok(file_key) => { // We've managed to decrypt this file! file_keys.entry(file_index).or_insert(Ok(file_key));