Merge pull request #212 from str4d/age-plugin-0.6

Migrate to `age-plugin 0.6`
This commit is contained in:
Jack Grigg
2025-12-21 00:30:17 +00:00
committed by GitHub
3 changed files with 30 additions and 21 deletions
Generated
+18 -7
View File
@@ -29,8 +29,9 @@ dependencies = [
[[package]] [[package]]
name = "age-core" name = "age-core"
version = "0.10.0" version = "0.11.0"
source = "git+https://github.com/str4d/rage.git?rev=baf277a749c839e49f93bffb58d36734ac94be83#baf277a749c839e49f93bffb58d36734ac94be83" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e2bf6a89c984ca9d850913ece2da39e1d200563b0a94b002b253beee4c5acf99"
dependencies = [ dependencies = [
"base64 0.21.7", "base64 0.21.7",
"chacha20poly1305", "chacha20poly1305",
@@ -39,15 +40,16 @@ dependencies = [
"io_tee", "io_tee",
"nom", "nom",
"rand", "rand",
"secrecy", "secrecy 0.10.3",
"sha2", "sha2",
"tempfile", "tempfile",
] ]
[[package]] [[package]]
name = "age-plugin" name = "age-plugin"
version = "0.5.0" version = "0.6.1"
source = "git+https://github.com/str4d/rage.git?rev=baf277a749c839e49f93bffb58d36734ac94be83#baf277a749c839e49f93bffb58d36734ac94be83" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f8a31f37914cf72cf36a1cd8ea9f24e5df20899e9348dd3d1c8273f4420ce493"
dependencies = [ dependencies = [
"age-core", "age-core",
"base64 0.21.7", "base64 0.21.7",
@@ -1018,7 +1020,7 @@ dependencies = [
"httpdate", "httpdate",
"itoa", "itoa",
"pin-project-lite", "pin-project-lite",
"socket2 0.4.10", "socket2 0.5.7",
"tokio", "tokio",
"tower-service", "tower-service",
"tracing", "tracing",
@@ -2076,6 +2078,15 @@ dependencies = [
"zeroize", "zeroize",
] ]
[[package]]
name = "secrecy"
version = "0.10.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e891af845473308773346dc847b2c23ee78fe442e0472ac50e22a18a93d3ae5a"
dependencies = [
"zeroize",
]
[[package]] [[package]]
name = "security-framework" name = "security-framework"
version = "2.11.1" version = "2.11.1"
@@ -3026,7 +3037,7 @@ dependencies = [
"pcsc", "pcsc",
"rand_core", "rand_core",
"rsa", "rsa",
"secrecy", "secrecy 0.8.0",
"sha1", "sha1",
"sha2", "sha2",
"subtle", "subtle",
+2 -6
View File
@@ -22,8 +22,8 @@ assets = [
] ]
[dependencies] [dependencies]
age-core = "0.10" age-core = "0.11"
age-plugin = "0.5" age-plugin = "0.6"
base64 = "0.21" base64 = "0.21"
bech32 = "0.9" bech32 = "0.9"
console = { version = "0.15", default-features = false } console = { version = "0.15", default-features = false }
@@ -56,7 +56,3 @@ man = "0.3"
tempfile = "3" tempfile = "3"
test-with = "0.11" test-with = "0.11"
which = "5" which = "5"
[patch.crates-io]
age-core = { git = "https://github.com/str4d/rage.git", rev = "baf277a749c839e49f93bffb58d36734ac94be83" }
age-plugin = { git = "https://github.com/str4d/rage.git", rev = "baf277a749c839e49f93bffb58d36734ac94be83" }
+10 -8
View File
@@ -3,7 +3,7 @@
use age_core::{ use age_core::{
format::{FileKey, FILE_KEY_BYTES}, format::{FileKey, FILE_KEY_BYTES},
primitives::{aead_decrypt, hkdf}, primitives::{aead_decrypt, hkdf},
secrecy::{ExposeSecret, SecretString}, secrecy::{zeroize::Zeroize, ExposeSecret, SecretString},
}; };
use age_plugin::{identity, Callbacks}; use age_plugin::{identity, Callbacks};
use bech32::{ToBase32, Variant}; use bech32::{ToBase32, Variant};
@@ -332,7 +332,7 @@ pub(crate) fn manage(yubikey: &mut YubiKey) -> Result<(), Error> {
.with_prompt(fl!("mgr-choose-new-pin")) .with_prompt(fl!("mgr-choose-new-pin"))
.with_confirmation(fl!("mgr-repeat-new-pin"), fl!("mgr-pin-mismatch")) .with_confirmation(fl!("mgr-repeat-new-pin"), fl!("mgr-pin-mismatch"))
.interact() .interact()
.map(|pin| Result::<_, Infallible>::Ok(SecretString::new(pin))) .map(|pin| Result::<_, Infallible>::Ok(SecretString::from(pin)))
}, },
yubikey.serial(), yubikey.serial(),
)? )?
@@ -747,12 +747,14 @@ impl Connection {
// A failure to decrypt is fatal, because we assume that we won't // A failure to decrypt is fatal, because we assume that we won't
// encounter 32-bit collisions on the key tag embedded in the header. // encounter 32-bit collisions on the key tag embedded in the header.
match aead_decrypt(&enc_key, FILE_KEY_BYTES, &line.encrypted_file_key) { aead_decrypt(&enc_key, FILE_KEY_BYTES, &line.encrypted_file_key)
Ok(pt) => Ok(TryInto::<[u8; FILE_KEY_BYTES]>::try_into(&pt[..]) .map_err(|_| ())
.unwrap() .map(|mut pt| {
.into()), FileKey::init_with_mut(|file_key| {
Err(_) => Err(()), file_key.copy_from_slice(&pt);
} pt.zeroize();
})
})
} }
/// Close this connection without resetting the YubiKey. /// Close this connection without resetting the YubiKey.