Respect option 'silent' on cryptsetup FIDO2 pin entry

Makes the silent flags behavior consistent between regular password entry and FIDO2 pin entry.
2024-07-22 18:55:10 +00:00 · 2021-05-30 13:23:01 -07:00 · 2021-05-30 13:23:01 -07:00 · 4858bc0d84
parent d65c5d04f9
commit 4858bc0d84
4 changed files with 12 additions and 7 deletions
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@ -531,8 +531,9 @@
      <varlistentry>
        <term><option>silent</option></term>

-        <listitem><para>If the encryption password is read from console, no asterisks will be shown
-        while typing the password.</para></listitem>
+        <listitem><para>If an encryption password or security token PIN is
+        read from console, no asterisks will be shown while typing the pin or
+        password.</para></listitem>
      </varlistentry>

      <varlistentry>
--- a/src/cryptsetup/cryptsetup-fido2.c
+++ b/src/cryptsetup/cryptsetup-fido2.c
@ -26,9 +26,10 @@ int acquire_fido2_key(
                bool headless,
                Fido2EnrollFlags required,
                void **ret_decrypted_key,
-                size_t *ret_decrypted_key_size) {
+                size_t *ret_decrypted_key_size,
+                bool silent) {

-        AskPasswordFlags flags = ASK_PASSWORD_PUSH_CACHE | ASK_PASSWORD_ACCEPT_CACHED;
+        AskPasswordFlags flags = ASK_PASSWORD_PUSH_CACHE | ASK_PASSWORD_ACCEPT_CACHED | (silent*ASK_PASSWORD_SILENT);
        _cleanup_strv_free_erase_ char **pins = NULL;
        _cleanup_free_ void *loaded_salt = NULL;
        const char *salt;
--- a/src/cryptsetup/cryptsetup-fido2.h
+++ b/src/cryptsetup/cryptsetup-fido2.h
@ -26,7 +26,8 @@ int acquire_fido2_key(
                bool headless,
                Fido2EnrollFlags required,
                void **ret_decrypted_key,
-                size_t *ret_decrypted_key_size);
+                size_t *ret_decrypted_key_size,
+                bool silent);

 int find_fido2_auto_data(
                struct crypt_device *cd,
@ -56,7 +57,8 @@ static inline int acquire_fido2_key(
                bool headless,
                Fido2EnrollFlags required,
                void **ret_decrypted_key,
-                size_t *ret_decrypted_key_size) {
+                size_t *ret_decrypted_key_size,
+                bool silent) {

        return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
                               "FIDO2 token support not available.");
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@ -809,7 +809,8 @@ static int attach_luks_or_plain_or_bitlk_by_fido2(
                                until,
                                arg_headless,
                                required,
-                                &decrypted_key, &decrypted_key_size);
+                                &decrypted_key, &decrypted_key_size,
+                                arg_silent);
                if (r >= 0)
                        break;
                if (r != -EAGAIN) /* EAGAIN means: token not found */