@LDVG LDVG commented Jun 29, 2022

NOTE: This PR is a continuation of #310; marked as draft until #310 is merged/closed.

For verify-required and resident options, ssh-keygen always prompts for a PIN. If the authenticator does not have a PIN set, the user is presented with an "invalid format" error message.

Instead of preemptively asking for a PIN, determine whether it's required by examining the authenticator's return value. If a PIN is required but not set, optionally set a new PIN. Otherwise, print a more informative error message to the user.

LDVG added 5 commits November 7, 2022 09:47

To look up a discoverable SSH credential, some form of user verification
is required. If the device supports a PIN, return a suitable error.

Define an error to indicate to the user that a PIN is required but not
set on the authenticator. Joint work with @martelletto.

To use a verify-required credential, some form of UV has to be
configured. If the device supports a PIN and has no form of UV set,
return SSH_SK_ERR_PIN_NOT_SET. Joint work with @martelletto.

No-op if PIN has already been set. Joint work with @martelletto.

On a SSH_ERR_DEVICE_PIN_NOT_SET error, assist user in setting a PIN.
Joint work with @martelletto.

@LDVG LDVG marked this pull request as ready for review November 7, 2022 10:21

@LDVG LDVG (Author) commented Nov 7, 2022

Rebased since #310 and parts of #302 were merged. The latter dropped preemptive prompts for the authenticator PIN, which means this PR now primarily aims to help the user enroll a PIN when creating resident or verify-required credentials.
