diff --git a/agent/systemauth/pinentry/keybase-pinentry/pinentry_osx.go b/agent/systemauth/pinentry/keybase-pinentry/pinentry_osx.go
index 0e0a0ab..ba2fca8 100644
--- a/agent/systemauth/pinentry/keybase-pinentry/pinentry_osx.go
+++ b/agent/systemauth/pinentry/keybase-pinentry/pinentry_osx.go
@@ -7,108 +7,19 @@
 package pinentry
 
 import (
- "crypto/rand"
- "encoding/hex"
- "fmt"
 "os"
-
- "github.com/keybase/go-keychain"
-)
-
-const (
- // pinentryServiceName is the service name that pinentry uses
- // when storing into the Keychain.
- pinentryServiceName = "GnuPG"
- // accountNameByteLength is how many random bytes to use to
- // generate the account name. 32 bytes of randomness is more
- // than enough to make the account name unpredictable.
- accountNameByteLength = 32
 )
 
 type pinentrySecretStoreInfo string
 
 func (pi *pinentryInstance) useSecretStore(useSecretStore bool) (pinentrySecretStoreInfo, error) {
- if !useSecretStore {
- return "", nil
- }
-
- // Make account name unpredictable to make it infeasible for
- // an attacker to guess (and thus sniff the passphrase). See
- // https://github.com/keybase/client/issues/484#issuecomment-114313867
- // .
- var accountNameBytes [accountNameByteLength]byte
- n, err := rand.Read(accountNameBytes[:])
- if n != accountNameByteLength {
- return "", fmt.Errorf("Unexpected random byte count %d", n)
- }
- if err != nil {
- return "", err
- }
-
- accountName := "keybase-" + hex.EncodeToString(accountNameBytes[:])
-
- // This will cause a "Save in Keychain" checkbox to appear in
- // the pinentry dialog. If checked, pinentry will then save
- // the entered passphrase into the keychain with the service
- // name "GnuPG" and the account name equal to the passed-in
- // cache-id option value.
- pi.Set("OPTION", "cache-id "+accountName, &err)
- if err != nil {
- // It's possible that the pinentry being used doesn't support
- // this option. So just return instead of causing a fatal
- // error.
- pi.parent.log.Debug("| Error setting pinentry cache-id OPTION: %s", err)
- pi.parent.log.Debug("| Not using secret store as a result.")
- return "", nil
- }
- return pinentrySecretStoreInfo(accountName), err
+ // unimplemented
+ return false
 }
 
 func (pi *pinentryInstance) shouldStoreSecret(info pinentrySecretStoreInfo) bool {
- if len(info) == 0 {
- return false
- }
-
- // We just want to know when the user did check the "Save in
- // Keychain" checkbox, so remove whatever pinentry put into
- // the keychain, and infer the state of the checkbox from the
- // error (since there will be no error if an entry was found
- // and deleted).
- //
- // This is a bit of a hack -- this may cause a dialog to pop
- // up saying that the client wants to access the user's
- // keychain. But this will do for now until we write our own
- // pinentry.
- query := keychain.NewItem()
- query.SetSecClass(keychain.SecClassGenericPassword)
- query.SetService(pinentryServiceName)
- query.SetAccount(string(info))
- query.SetMatchLimit(keychain.MatchLimitOne)
-
- // We need to query and delete by item reference because the
- // OSX keychain API only allows us to delete unowned items
- // this way.
- query.SetReturnRef(true)
- ref, err := keychain.QueryItemRef(query)
- if err != nil {
- // Default to false if there was an error.
- return false
- }
- if ref == nil {
- // If not found, return false.
- return false
- }
-
- defer keychain.Release(ref)
-
- err = keychain.DeleteItemRef(ref)
- if err != nil {
- // Default to false if there was an error deleting.
- return false
- }
-
- // Entry was found and deleted.
- return true
+ // unimplemted
+ return false
 }
 
 func HasWindows() bool {
diff --git a/go.mod b/go.mod
index fb3167d..7cba3a3 100644
--- a/go.mod
+++ b/go.mod
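Review bot: The new body of `useSecretStore` returns a single `false` while the signature still declares `(pinentrySecretStoreInfo, error)`, so this file will not compile on darwin; the stub should read `return "", nil`, which is what the removed code returned when the secret store was not in use. The added `// unimplemted` in `shouldStoreSecret` is misspelled, and a short comment stating that the Keychain-backed "Save in Keychain" path was dropped together with the go-keychain dependency, so the `useSecretStore` argument is now ignored and the passphrase is never persisted, would tell the next reader whether this is a temporary stub or the intended behavior. `"os"` remains imported; presumably `HasWindows`, whose body lies outside the hunk, still uses it.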
@@ -12,7 +12,6 @@ require (
 github.com/gorilla/websocket v1.5.1
 github.com/icza/gox v0.0.0-20230924165045-adcb03233bb5
 github.com/keybase/client/go v0.0.0-20240202160538-668db6be75e4
- github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6
 github.com/lox/go-touchid v0.0.0-20170712105233-619cc8e578d0
 github.com/mikesmitty/edkey v0.0.0-20170222072505-3356ea4e686a
 github.com/mitchellh/go-ps v1.0.0
diff --git a/go.sum b/go.sum
index a61516b..ab2948b 100644
--- a/go.sum
+++ b/go.sum
@@ -43,8 +43,6 @@ github.com/keybase/go-framed-msgpack-rpc v0.0.0-20230103225103-1f052922b096 h1:r
 github.com/keybase/go-framed-msgpack-rpc v0.0.0-20230103225103-1f052922b096/go.mod h1:XO67nMjltHJ8OsBWnFiDU1F67wR+rtJB21NXtb1TKyA=
 github.com/keybase/go-jsonw v0.0.0-20200325173637-df90f282c233 h1:zLk+cB/0ShMCBcgBOXYgellLZiZahXFicJleKyrlqiM=
 github.com/keybase/go-jsonw v0.0.0-20200325173637-df90f282c233/go.mod h1:lofKQwj13L0/7ji5VYaY0257JDlQE2BRRf+rI2Vk1rU=
-github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6 h1:IsMZxCuZqKuao2vNdfD82fjjgPLfyHLpR41Z88viRWs=
-github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6/go.mod h1:3VeWNIJaW+O5xpRQbPp0Ybqu1vJd/pm7s2F473HRrkw=
 github.com/keybase/go-logging v0.0.0-20231213204715-4b3ff33ba5b6 h1:H4IvZdHXpeK963LgCMbTcEviEal4891UGf2iOqOGL94=
 github.com/keybase/go-logging v0.0.0-20231213204715-4b3ff33ba5b6/go.mod h1:0yOEB+QF1Ega1Cr7oMKb3yUAc3C9/eg6fBHB5HLP7AA=
 github.com/keybase/msgpackzip v0.0.0-20221220225959-4abf538d2b9c h1:PRG2AXSelSy7MiDI+PwJR2QSqI1N3OybRUutsMiHtpo=