From 2a9d70d48f4cc715a6864849cdec91ab08b6fd03 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sun, 27 Jun 2021 11:17:29 +0200
Subject: fido2: drop `-v` option (PIN request)
We used to pass `-v` on `gocryptfs -init` but not for mount, which seems strange by itself, but more importantly, `-v` does not work on Yubikeys. Drop `-v`. Fixes https://github.com/rfjakob/gocryptfs/issues/571
---
 internal/fido2/fido2.go | 19 +++++--------------
 1 file changed, 5 insertions(+), 14 deletions(-) (limited to 'internal')
diff --git a/internal/fido2/fido2.go b/internal/fido2/fido2.go
index f62967b..30121c0 100644
--- a/internal/fido2/fido2.go
+++ b/internal/fido2/fido2.go
@@ -17,9 +17,8 @@ import (
 type fidoCommand int
 const (
- cred fidoCommand = iota
- assert fidoCommand = iota
- assertWithPIN fidoCommand = iota
+ cred fidoCommand = iota
+ assert fidoCommand = iota
 )
 // String pretty-prints for debug output
@@ -29,8 +28,6 @@ func (fc fidoCommand) String() string {
 return "cred"
 case assert:
 return "assert"
- case assertWithPIN:
- return "assertWithPIN"
 default:
 return fmt.Sprintf("%d", fc)
 }
@@ -45,8 +42,6 @@ func callFidoCommand(command fidoCommand, device string, stdin []string) ([]stri
 cmd = exec.Command("fido2-cred", "-M", "-h", "-v", device)
 case assert:
 cmd = exec.Command("fido2-assert", "-G", "-h", device)
- case assertWithPIN:
- cmd = exec.Command("fido2-assert", "-G", "-h", "-v", device)
 }
 tlog.Debug.Printf("callFidoCommand %s: executing %q with args %q", command, cmd.Path, cmd.Args)
 cmd.Stderr = os.Stderr
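Review bot: The `cred` case kept as context in the callFidoCommand hunk still runs `fido2-cred -M -h -v`, so the flag the commit message says does not work on Yubikeys is still passed when the credential is created. Credential creation and assertion now also differ in whether user verification is requested. If the intent is to drop `-v` everywhere, that line should become `cmd = exec.Command("fido2-cred", "-M", "-h", device)`; if it is kept on purpose, a comment above it should say why. callFidoCommand starts before this hunk and continues past it, so how the `cred` path is reached is not visible here.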
@@ -92,15 +87,11 @@ func Secret(device string, credentialID []byte, salt []byte) (secret []byte) {
 crid := base64.StdEncoding.EncodeToString(credentialID)
 hmacsalt := base64.StdEncoding.EncodeToString(salt)
 stdin := []string{cdh, relyingPartyID, crid, hmacsalt}
- // try asserting without PIN first
+ // call fido2-assert
 out, err := callFidoCommand(assert, device, stdin)
 if err != nil {
- // if that fails, let's assert with PIN
- out, err = callFidoCommand(assertWithPIN, device, stdin)
- if err != nil {
- tlog.Fatal.Println(err)
- os.Exit(exitcodes.FIDO2Error)
- }
+ tlog.Fatal.Println(err)
+ os.Exit(exitcodes.FIDO2Error)
 }
 secret, err = base64.StdEncoding.DecodeString(out[4])
 if err != nil {
--
cgit v1.2.3
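Review bot: `out[4]` in Secret is read without any visible length check, so a reply from fido2-assert with fewer than five elements would panic with an index-out-of-range instead of exiting through `exitcodes.FIDO2Error`. Unless callFidoCommand (defined outside this hunk) already guarantees the count, add `if len(out) < 5 { tlog.Fatal.Println("fido2-assert: unexpected output"); os.Exit(exitcodes.FIDO2Error) }` before the decode. The new comment `// call fido2-assert` only restates the call; something like `// No "-v": user verification (PIN) is not requested for the assertion` would record the decision this commit makes. Secret begins above the hunk and continues below it.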