diff --git a/README.md b/README.md
index deb5bd9..503c037 100644
--- a/README.md
+++ b/README.md
@@ -208,6 +208,9 @@ RM: 2,367
 Changelog
 ---------
 
+v2.1 (IN PROGRESS)
+* fido2: do not request PIN on `gocryptfs -init` ([#571](https://github.com/rfjakob/gocryptfs/issues/571))
+
 v2.0.1, 2021-06-07
 * Fix symlink creation reporting the wrong size, causing git to report it as modified ([#574](https://github.com/rfjakob/gocryptfs/issues/574))
diff --git a/internal/fido2/fido2.go b/internal/fido2/fido2.go
index f62967b..30121c0 100644
--- a/internal/fido2/fido2.go
+++ b/internal/fido2/fido2.go
@@ -17,9 +17,8 @@ import (
 type fidoCommand int
 
 const (
- cred fidoCommand = iota
- assert fidoCommand = iota
- assertWithPIN fidoCommand = iota
+ cred fidoCommand = iota
+ assert fidoCommand = iota
 )
 
 // String pretty-prints for debug output
@@ -29,8 +28,6 @@ func (fc fidoCommand) String() string {
 return "cred"
 case assert:
 return "assert"
- case assertWithPIN:
- return "assertWithPIN"
 default:
 return fmt.Sprintf("%d", fc)
 }
@@ -45,8 +42,6 @@ func callFidoCommand(command fidoCommand, device string, stdin []string) ([]stri
 cmd = exec.Command("fido2-cred", "-M", "-h", "-v", device)
 case assert:
 cmd = exec.Command("fido2-assert", "-G", "-h", device)
- case assertWithPIN:
- cmd = exec.Command("fido2-assert", "-G", "-h", "-v", device)
 }
 tlog.Debug.Printf("callFidoCommand %s: executing %q with args %q", command, cmd.Path, cmd.Args)
 cmd.Stderr = os.Stderr
@@ -92,15 +87,11 @@ func Secret(device string, credentialID []byte, salt []byte) (secret []byte) {
 crid := base64.StdEncoding.EncodeToString(credentialID)
 hmacsalt := base64.StdEncoding.EncodeToString(salt)
 stdin := []string{cdh, relyingPartyID, crid, hmacsalt}
- // try asserting without PIN first
+ // call fido2-assert
 out, err := callFidoCommand(assert, device, stdin)
 if err != nil {
- // if that fails, let's assert with PIN
- out, err = callFidoCommand(assertWithPIN, device, stdin)
- if err != nil {
- tlog.Fatal.Println(err)
- os.Exit(exitcodes.FIDO2Error)
- }
+ tlog.Fatal.Println(err)
+ os.Exit(exitcodes.FIDO2Error)
 }
 secret, err = base64.StdEncoding.DecodeString(out[4])
 if err != nil {
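Review bot: `out[4]` in the `base64.StdEncoding.DecodeString(out[4])` line near the end of this hunk is indexed with no visible length check, so short or unexpected output from `fido2-assert` would panic with an index-out-of-range rather than exit through `exitcodes.FIDO2Error`. Unless callFidoCommand (its return path is not visible here) already guarantees at least five lines, test `len(out) < 5` before the index and take the same `tlog.Fatal` / `os.Exit(exitcodes.FIDO2Error)` path. Separately, the replacement comment `// call fido2-assert` only restates the code. With the retry removed the assertion is always requested without `-v`, so something like `// Assert without -v (no PIN / user verification); there is no PIN fallback` would record that intent, given that the `cred` command still passes `-v`. A token that insists on user verification will presumably now end in this single error branch. Secret's body continues past the end of the hunk.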