Provide a better error message when management key authentication fails

We now indicate to the user that AES management key algorithms are not
yet supported, and tell them how to change their management key to use
TDES.

Closes str4d/age-plugin-yubikey#135.
This commit is contained in:
Jack Grigg
2023-04-09 06:48:57 +00:00
parent 22fd00bd22
commit 62f237f859
3 changed files with 55 additions and 27 deletions
+22 -3
View File
@@ -21,6 +21,7 @@ pub enum Error {
InvalidSlot(u8),
InvalidTouchPolicy(String),
Io(io::Error),
ManagementKeyAuth,
MultipleCommands,
MultipleYubiKeys,
NoEmptySlots(Serial),
@@ -50,12 +51,19 @@ impl From<yubikey::Error> for Error {
// manually to provide the error output we want.
impl fmt::Debug for Error {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
const CHANGE_MGMT_KEY_CMD: &str =
"ykman piv access change-management-key -a TDES --protect";
const CHANGE_MGMT_KEY_URL: &str = "https://developers.yubico.com/yubikey-manager/";
match self {
Error::CustomManagementKey => {
wlnfl!(f, "err-custom-mgmt-key")?;
let cmd = "ykman piv access change-management-key --protect";
let url = "https://developers.yubico.com/yubikey-manager/";
wlnfl!(f, "rec-custom-mgmt-key", cmd = cmd, url = url)?;
wlnfl!(
f,
"rec-change-mgmt-key",
cmd = CHANGE_MGMT_KEY_CMD,
url = CHANGE_MGMT_KEY_URL
)?;
}
Error::InvalidFlagCommand(flag, command) => wlnfl!(
f,
@@ -78,6 +86,17 @@ impl fmt::Debug for Error {
expected = "always, cached, never",
)?,
Error::Io(e) => wlnfl!(f, "err-io", err = e.to_string())?,
Error::ManagementKeyAuth => {
let aes_url = "https://github.com/str4d/age-plugin-yubikey/issues/92";
wlnfl!(f, "err-mgmt-key-auth")?;
wlnfl!(f, "rec-mgmt-key-auth", aes_url = aes_url)?;
wlnfl!(
f,
"rec-change-mgmt-key",
cmd = CHANGE_MGMT_KEY_CMD,
url = CHANGE_MGMT_KEY_URL
)?;
}
Error::MultipleCommands => wlnfl!(f, "err-multiple-commands")?,
Error::MultipleYubiKeys => wlnfl!(f, "err-multiple-yubikeys")?,
Error::NoEmptySlots(serial) => {