Commit Graph

90 Commits

Author SHA1 Message Date
Jack Grigg 7c532639d4 Fix clippy lints 2023-03-23 14:20:20 +09:00
Jack Grigg d5395ea4e5 yubikey 0.8.0-pre.0 2023-03-23 14:07:13 +09:00
Jack Grigg 0d0f64ff1b base64 0.21 2023-03-23 14:07:13 +09:00
str4d d9c5abaa15 Merge pull request #128 from str4d/115-yubikey-4-no-pin-cache
Document and warn that PIN policy "Once" doesn't work for YubiKey 4
2023-02-16 18:34:11 +00:00
Jack Grigg e86cd8113c Intercept PIN errors and replace with PUK errors as necessary
Once iqlusioninc/yubikey.rs#479 is part of a `yubikey` release we
can migrate to, this will mean that users get correctly notified
of incorrect PUK entry, instead of being told it is an incorrect
PIN issue.
2023-02-12 20:47:58 +00:00
Jack Grigg 4e053b5efc TUI: Warn YubiKey 4 users of issue with PIN policy "Once" 2023-02-11 22:04:14 +00:00
str4d bf437663af Merge pull request #116 from str4d/avoid-resetting-unused-yubikeys
Avoid resetting unused YubiKeys
2023-02-11 04:57:23 +00:00
Jack Grigg 665aedbbba Merge branch 'version-0.3.3' back into main 2023-02-11 04:51:58 +00:00
Jack Grigg d2132b4ac2 Prevent changing the default PIN to itself
Closes str4d/age-plugin-yubikey#120.
2023-02-11 02:47:55 +00:00
Jack Grigg ff3e8e37c9 Treat pcsc::Error::NoSmartcard as a "YubiKey disconnected" error
Some SmartCard readers report this error when no SmartCard is inserted,
so we need to check for it when filtering for connected YubiKeys (along
with `pcsc::Error::RemovedCard` which some _other_ SmartCard readers
report instead).

Closes str4d/age-plugin-yubikey#81.
2023-01-30 00:39:08 +00:00
Jack Grigg b1710e8d69 Enforce correct PIN lengths during YubiKey setup
The behaviour of `age-plugin-yubikey` during setup now matches its
behaviour during plugin usage.
2023-01-29 23:00:46 +00:00
Jack Grigg 55bfa5dafb Avoid resetting YubiKeys that don't match the desired serial
If multiple YubiKeys were connected, and the one we needed for plugin
encryption or decryption was not first in the list of readers, any
YubiKeys before it were being reset upon drop. We now explicitly
disconnect without resetting, since we only access these YubiKeys as a
side-effect of finding the one we need.
2023-01-29 14:16:35 +00:00
Jack Grigg 90b61682bd Don't reset tested YubiKeys in key::filter_connected
This method only connects to YubiKeys in order to confirm it can do so
(i.e. as a side-effect). We therefore want to explicitly disconnect
without resetting the YubiKeys, to avoid clearing PIN caches.
2023-01-29 14:16:35 +00:00
Jack Grigg 45f6580be4 Request PIN before certificate generation if PIN policy is "always"
We also correctly ask for a PIN touch after the key is generated (which
does not need it) but before certificate generation (which does if the
touch policy is not "none").

Closes str4d/age-plugin-yubikey#101.
2023-01-03 02:20:51 +00:00
Jack Grigg 00ab2c756e Don't re-request a cached PIN for identities with PIN policy "once" 2023-01-02 19:06:37 +00:00
Jack Grigg 9418921dab Disconnect without resetting YubiKeys if it is safe to do so
This enables the PIN caches to be preserved across age-plugin-yubikey
processes, allowing PIN policies of "once" to become meaningful.
2023-01-02 19:06:37 +00:00
vlkrs 9ac72cd66f Add recommendations for {Open,Free}BSD when pcscd isn't running. 2023-01-01 15:30:40 +01:00
Jack Grigg a6a5ad109e Fix clippy lints 2023-01-01 14:07:23 +00:00
Jack Grigg 25fcd353f3 dialoguer 0.10 2023-01-01 14:07:22 +00:00
Jack Grigg d8ab6e373e base64 0.20 2023-01-01 14:06:35 +00:00
Jack Grigg f45ff653b8 Bump cryptographic dependencies
- age-plugin 0.4
- bech32 0.9
- p256 0.11
- sha2 0.10
- x509-parser 0.14
- yubikey 0.7
2023-01-01 14:06:34 +00:00
Jack Grigg 1dfadc7e27 Clean up key::filter_connected 2023-01-01 13:29:30 +00:00
Jack Grigg fc66d9f6fd Add helper methods for filtering available keys 2023-01-01 13:27:10 +00:00
Jack Grigg d8eb198e97 Move certificate parsing into Metadata::extract 2023-01-01 13:27:10 +00:00
str4d c8f9df1b45 Merge pull request #95 from str4d/94-yubikey-agent-sighup
Extend "sharing violation" logic to send SIGHUP to `yubikey-agent` processes
2023-01-01 13:24:57 +00:00
Jack Grigg 3597d96332 Correctly hunt agents in plugin mode 2023-01-01 13:18:41 +00:00
Jack Grigg 1913838f8e Hunt for yubikey-agent 2023-01-01 12:52:17 +00:00
Jack Grigg 6e47448560 Generalise code for hunting agents that may be holding YubiKeys 2023-01-01 12:52:17 +00:00
Jack Grigg ac7b04a61d Add keyword argument support to fl! and wlnfl! macros 2022-12-31 14:31:25 +00:00
Jack Grigg 493479344c De-duplicate parsing recipients from SubjectPublicKeyInfo 2022-12-31 12:49:44 +00:00
Jack Grigg e4ef700263 Give guidance on reconfiguring YubiKeys with unprotected management keys
Closes str4d/age-plugin-yubikey#21.
2022-12-30 10:18:17 +00:00
Jack Grigg 15c53e42df Stop scdaemon if it is holding exclusive access to a YubiKey
Closes str4d/age-plugin-yubikey#82.
2022-12-30 09:28:24 +00:00
Jack Grigg d38743a2fc Inform users when pcscd is required
Closes str4d/age-plugin-yubikey#83.
2022-12-29 05:09:47 +00:00
Jack Grigg fb5a1060bd Check the length of the bytes passed to Stub::from_bytes
This will be zero-length when the client uses `-j yubikey`.

Closes str4d/age-plugin-yubikey#48.
2022-05-01 17:59:24 +00:00
Jack Grigg f8314c5d6d Enable users to skip YubiKeys at plugging-in time
This requires the `confirm` plugin command to be supported by the age
client; otherwise we fall back to the previous message-plus-timer
method.
2022-05-01 15:14:36 +00:00
Jack Grigg 345c155bb4 Don't print message if YubiKey is waiting for touch
The user call-to-action will instead be implemented on the client side,
where it can be done in a more forgiving way (allowing the user some
time to react before prompting them that it is waiting on the plugin).
2022-05-01 14:47:55 +00:00
Jack Grigg a92a843e14 Tag all strings for translation 2022-05-01 14:40:05 +00:00
Jack Grigg c4fe3f6b1a Add support for translations 2022-05-01 11:49:06 +00:00
Jack Grigg 5afec288c9 Forbid unsafe code 2022-03-20 16:53:39 +00:00
Jack Grigg 7d2e3a6829 Remove trait imports that are in the 2021 edition prelude 2022-03-20 16:53:39 +00:00
str4d f1bb46d274 Merge pull request #46 from str4d/37-ignore-otp-string
Detect invalid PIN lengths and ask the user again
2022-03-20 14:57:48 +00:00
Jack Grigg 2fc2dcd1c3 Unify the touch request messages
This is also a good test for sending emojis through the age plugin IPC
protocol.
2021-12-20 03:22:25 +00:00
Jack Grigg 68ac19017e Detect invalid PIN lengths and ask the user again
We also detect the specific case where the PIN returned by the user is
likely a YubiKey OTP, generated by the user touching it early.

Closes str4d/age-plugin-yubikey#37.
2021-12-19 01:31:54 +00:00
Jack Grigg e5bdffa5cc Print message if YubiKey is waiting for touch
Closes str4d/age-plugin-yubikey#44.
2021-12-19 00:28:27 +00:00
Jack Grigg 822a10f8f6 yubikey 0.5 2021-11-21 15:51:54 +00:00
Jack Grigg f2237ed2a7 yubikey 0.4 2021-10-18 21:11:42 +01:00
Jack Grigg 399f0b4c11 Rename crate::yubikey to crate::key
So that it doesn't conflict with the renamed `yubikey` crate.
2021-10-18 21:07:23 +01:00
Jack Grigg 77bd7aa3a3 age-plugin 0.2 2021-10-18 20:37:28 +01:00
Jack Grigg f5f140d172 Fix various clippy lints 2021-08-20 16:22:22 +01:00
Jack Grigg 2c90195f99 Check PIN policy before requesting PIN
Closes str4d/age-plugin-yubikey#34.
2021-08-20 15:11:39 +01:00