Detect invalid PIN lengths and ask the user again

We also detect the specific case where the PIN returned by the user is
likely a YubiKey OTP, generated by the user touching it early.

Closes str4d/age-plugin-yubikey#37.
Jack Grigg
2021-12-19 01:30:08 +00:00
parent 51910edfab
commit 68ac19017e
2 changed files with 48 additions and 11 deletions
+10
@@ -1,4 +1,5 @@
use std::fmt;
use std::iter;
use x509_parser::{certificate::X509Certificate, der_parser::oid::Oid};
use yubikey::{
@@ -61,6 +62,15 @@ pub(crate) fn touch_policy_to_str(policy: Option<TouchPolicy>) -> &'static str {
}
}
const MODHEX: &str = "cbdefghijklnrtuv";
pub(crate) fn otp_serial_prefix(serial: Serial) -> String {
iter::repeat(0)
.take(4)
.chain((0..8).rev().map(|i| (serial.0 >> (4 * i)) & 0x0f))
.map(|i| MODHEX.char_indices().nth(i as usize).unwrap().1)
.collect()
}
pub(crate) fn extract_name(cert: &X509Certificate, all: bool) -> Option<(String, bool)> {
// Look at Subject Organization to determine if we created this.
match cert.subject().iter_organization().next() {
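Review bot: `MODHEX` and `otp_serial_prefix` are added without a comment saying what string they build or why the `unwrap()` in the `.map` cannot fail. As written, the result is twelve modhex characters: four `c` (the zero nibbles from `iter::repeat(0).take(4)`) followed by the eight nibbles of `serial.0`, most significant first, and every index is either 0 or masked with `0x0f`, so `nth` always lands inside the 16-character table. I would add a doc comment such as `/// Returns the 12-character modhex string ("cccc" + serial nibbles) used to recognise an OTP typed into the PIN prompt.` and, above the `.map`, `// Index is 0 or masked to 0..=15 and MODHEX has 16 chars, so nth() is always Some.` The prefix presumably does not match an OTP slot reprogrammed with a different public ID, so the caller (in the other changed file, not visible here) should rely on the PIN length check, not this match, to avoid spending a PIN retry on an accidental touch.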