author | Jakob Unterwurzacher | 2021-06-27 11:17:29 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2021-06-27 11:17:29 +0200 |
commit | 2a9d70d48f4cc715a6864849cdec91ab08b6fd03 (patch) | |
tree | 9c397356062eaf264b07dcae37994ac08f9ecbff | |
parent | d6c8d892ffacf92f13798ee71112447100aa5a50 (diff) |
fido2: drop `-v` option (PIN request)
We used to pass `-v` on `gocryptfs -init` but not for
mount, which seems strange by itself, but more importantly,
`-v` does not work on Yubikeys.
Drop `-v`.
Fixes https://github.com/rfjakob/gocryptfs/issues/571
-rw-r--r-- | README.md | 3 | ||||
-rw-r--r-- | internal/fido2/fido2.go | 19 |
2 files changed, 8 insertions, 14 deletions
@@ -208,6 +208,9 @@ RM: 2,367 Changelog ---------
+v2.1 (IN PROGRESS)
+* fido2: do not request PIN on `gocryptfs -init` ([#571](https://github.com/rfjakob/gocryptfs/issues/571))
+
 v2.0.1, 2021-06-07
 * Fix symlink creation reporting the wrong size, causing git to report it as modified ([#574](https://github.com/rfjakob/gocryptfs/issues/574))
diff --git a/internal/fido2/fido2.go b/internal/fido2/fido2.go
index f62967b..30121c0 100644
--- a/internal/fido2/fido2.go
+++ b/internal/fido2/fido2.go
@@ -17,9 +17,8 @@ import (
 type fidoCommand int
 const (
- cred fidoCommand = iota
- assert fidoCommand = iota
- assertWithPIN fidoCommand = iota
+ cred fidoCommand = iota
+ assert fidoCommand = iota
 )
 // String pretty-prints for debug output
@@ -29,8 +28,6 @@ func (fc fidoCommand) String() string {
 return "cred"
 case assert:
 return "assert"
- case assertWithPIN:
- return "assertWithPIN"
 default:
 return fmt.Sprintf("%d", fc)
 }
@@ -45,8 +42,6 @@ func callFidoCommand(command fidoCommand, device string, stdin []string) ([]stri
 cmd = exec.Command("fido2-cred", "-M", "-h", "-v", device)
 case assert:
 cmd = exec.Command("fido2-assert", "-G", "-h", device)
- case assertWithPIN:
- cmd = exec.Command("fido2-assert", "-G", "-h", "-v", device)
 }
 tlog.Debug.Printf("callFidoCommand %s: executing %q with args %q", command, cmd.Path, cmd.Args)
 cmd.Stderr = os.Stderr
@@ -92,15 +87,11 @@ func Secret(device string, credentialID []byte, salt []byte) (secret []byte) {
 crid := base64.StdEncoding.EncodeToString(credentialID)
 hmacsalt := base64.StdEncoding.EncodeToString(salt)
 stdin := []string{cdh, relyingPartyID, crid, hmacsalt}
- // try asserting without PIN first
+ // call fido2-assert
 out, err := callFidoCommand(assert, device, stdin)
 if err != nil {
- // if that fails, let's assert with PIN
- out, err = callFidoCommand(assertWithPIN, device, stdin)
- if err != nil {
- tlog.Fatal.Println(err)
- os.Exit(exitcodes.FIDO2Error)
- }
+ tlog.Fatal.Println(err)
+ os.Exit(exitcodes.FIDO2Error)
 }
 secret, err = base64.StdEncoding.DecodeString(out[4])
 if err != nil { |
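Review bot: The new comment `// call fido2-assert` in Secret drops the one fact a reader needs after this change: the assertion now always runs without `-v`, so no PIN is requested and there is no fallback for a token that insists on one. I would spell that out, e.g. `// call fido2-assert without -v: no PIN is requested; a device that requires one presumably fails here (see #571)`. The `cred` case in callFidoCommand (the -45,8 hunk) still passes `-v` to fido2-cred, which reads oddly next to the commit title; if that is deliberate, a one-line comment there would say why. Separately, `out[4]` is indexed right after the call, so unless callFidoCommand guarantees five output lines (not visible here), a `if len(out) < 5 { ... os.Exit(exitcodes.FIDO2Error) }` guard before the decode would avoid a panic on a short reply. Secret's body starts and ends outside the hunk.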