From 50630e9f3d7f649e41ab6f1102b40a1e4ec99686 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sun, 20 Jun 2021 12:59:45 +0200 Subject: [PATCH] fido2: hide "FIDO2" in gocryptfs.conf if not used Result of: $ gocryptfs -init foo $ cat foo/gocryptfs.conf Before: { "Creator": "gocryptfs v2.0.1", "EncryptedKey": "FodEdNHD/cCwv1n5BuyAkbIOnJ/O5gfdCh3YssUCJ2DUr0A8DrQ5NH2SLhREeWRL3V8EMiPO2Ncr5IVwE4SSxQ==", "ScryptObject": { "Salt": "brGaw9Jg1kbPuSXFiwoxqK2oXFTgbniSgpiB+cu+67Y=", "N": 65536, "R": 8, "P": 1, "KeyLen": 32 }, "Version": 2, "FeatureFlags": [ "GCMIV128", "HKDF", "DirIV", "EMENames", "LongNames", "Raw64" ], "FIDO2": { "CredentialID": null, "HMACSalt": null } } After: { "Creator": "gocryptfs v2.0.1-5-gf9718eb-dirty.DerDonut-badnamecontent", "EncryptedKey": "oFMj1lS1ZsM/vEfanNMeCTPw3PZr5VWeL7ap8Jd8YQm6evy2BAhtQ/pd6RzDx84wlCz9TpxqHRihuwSEMnOWWg==", "ScryptObject": { "Salt": "JZ/5mhy4a8EAQ/wDF1POIEe4/Ss38cfJgXgj26DuA4M=", "N": 65536, "R": 8, "P": 1, "KeyLen": 32 }, "Version": 2, "FeatureFlags": [ "GCMIV128", "HKDF", "DirIV", "EMENames", "LongNames", "Raw64" ] } --- internal/configfile/config_file.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go index e4921f7..40dda38 100644 --- a/internal/configfile/config_file.go +++ b/internal/configfile/config_file.go @@ -56,7 +56,7 @@ type ConfFile struct { // stored in the superblock. FeatureFlags []string // FIDO2 parameters - FIDO2 FIDO2Params + FIDO2 *FIDO2Params `json:",omitempty"` // Filename is the name of the config file. Not exported to JSON. filename string } @@ -102,8 +102,10 @@ func Create(filename string, password []byte, plaintextNames bool, } if len(fido2CredentialID) > 0 { cf.FeatureFlags = append(cf.FeatureFlags, knownFlags[FlagFIDO2]) - cf.FIDO2.CredentialID = fido2CredentialID - cf.FIDO2.HMACSalt = fido2HmacSalt + cf.FIDO2 = &FIDO2Params{ + CredentialID: fido2CredentialID, + HMACSalt: fido2HmacSalt, + } } { // Generate new random master key