Use syscall.Stdin for input handle. Fixes sigstore#1153
While the input handle is 0 on Unix, it's not on Windows. Golang handles this with
syscall.Stdin when targeting Windows.

Signed-off-by: Mark Percival <[email protected]>
mdp committed Mar 25, 2022
1 parent 340b6c6 commit ec355ee
Showing 4 changed files with 19 additions and 5 deletions.
5 changes: 4 additions & 1 deletion cmd/cosign/cli/pkcs11cli/commands.go
@@ -24,6 +24,7 @@ import (
"fmt"
"os"
"path/filepath"
"syscall"

"github.com/miekg/pkcs11"
"github.com/pkg/errors"
@@ -112,7 +113,9 @@ func GetKeysInfo(_ context.Context, modulePath string, slotID uint, pin string)
if pin == "" {
if tokenInfo.Flags&pkcs11.CKF_LOGIN_REQUIRED == pkcs11.CKF_LOGIN_REQUIRED {
fmt.Fprintf(os.Stderr, "Enter PIN for PKCS11 token '%s': ", tokenInfo.Label)
b, err := term.ReadPassword(0)
// Unnecessary convert of syscall.Stdin on *nix, but Windows is a uintptr
// nolint:unconvert
b, err := term.ReadPassword(int(syscall.Stdin))
if err != nil {
return nil, errors.Wrap(err, "get pin")
}
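Review bot: The `// nolint:unconvert` line above `term.ReadPassword(int(syscall.Stdin))` is written with a space after `//`, which Go tooling formats as an ordinary comment; the directive form golangci-lint documents is `//nolint:unconvert`, and the reason can sit on the same line, e.g. `//nolint:unconvert // syscall.Stdin is a syscall.Handle on Windows`. The accompanying comment is also imprecise: on Windows syscall.Stdin has type syscall.Handle (a uintptr underneath), which is what makes the `int(...)` conversion necessary there. The same two comment lines recur at the call sites in pkg/cosign/common.go (twice), pkg/cosign/pivkey/pivkey.go and pkg/cosign/pkcs11key/pkcs11key.go. GetKeysInfo continues past the end of this hunk.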
9 changes: 7 additions & 2 deletions pkg/cosign/common.go
@@ -20,6 +20,7 @@ import (
"fmt"
"os"
"strings"
"syscall"

"github.com/pkg/errors"
"golang.org/x/term"
@@ -46,7 +47,9 @@ func ConfirmPrompt(msg string) (bool, error) {

func GetPassFromTerm(confirm bool) ([]byte, error) {
fmt.Fprint(os.Stderr, "Enter password for private key: ")
pw1, err := term.ReadPassword(0)
// Unnecessary convert of syscall.Stdin on *nix, but Windows is a uintptr
// nolint:unconvert
pw1, err := term.ReadPassword(int(syscall.Stdin))
if err != nil {
return nil, err
}
@@ -55,7 +58,9 @@ func GetPassFromTerm(confirm bool) ([]byte, error) {
return pw1, nil
}
fmt.Fprint(os.Stderr, "Enter password for private key again: ")
confirmpw, err := term.ReadPassword(0)
// Unnecessary convert of syscall.Stdin on *nix, but Windows is a uintptr
// nolint:unconvert
confirmpw, err := term.ReadPassword(int(syscall.Stdin))
fmt.Fprintln(os.Stderr)
if err != nil {
return nil, err
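Review bot: Both `term.ReadPassword(int(syscall.Stdin))` calls in GetPassFromTerm still assume stdin is a terminal, and the bare `return nil, err` after each gives no hint of that when it is not. With stdin piped or redirected (CI jobs, wrapper scripts) ReadPassword returns a low-level ioctl or console-mode error, so a user cannot tell that a TTY was expected for the private-key password. Consider testing `term.IsTerminal(int(syscall.Stdin))` before prompting and wrapping the failure, e.g. `return nil, errors.Wrap(err, "reading password from terminal")`, in the way the PKCS11 call sites wrap theirs with "get pin". The function body continues outside the second hunk.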
5 changes: 4 additions & 1 deletion pkg/cosign/pivkey/pivkey.go
@@ -28,6 +28,7 @@ import (
"fmt"
"io"
"os"
"syscall"

"github.com/go-piv/piv-go/piv"
"github.com/pkg/errors"
@@ -194,7 +195,9 @@ func (k *Key) VerifySignature(signature, message io.Reader, opts ...signature.Ve

func getPin() (string, error) {
fmt.Fprint(os.Stderr, "Enter PIN for security key: ")
b, err := term.ReadPassword(0)
// Unnecessary convert of syscall.Stdin on *nix, but Windows is a uintptr
// nolint:unconvert
b, err := term.ReadPassword(int(syscall.Stdin))
if err != nil {
return "", err
}
5 changes: 4 additions & 1 deletion pkg/cosign/pkcs11key/pkcs11key.go
@@ -29,6 +29,7 @@ import (
"io"
"os"
"path/filepath"
"syscall"

"github.com/ThalesIgnite/crypto11"
"github.com/miekg/pkcs11"
@@ -129,7 +130,9 @@ func GetKeyWithURIConfig(config *Pkcs11UriConfig, askForPinIfNeeded bool) (*Key,

if tokenInfo.Flags&pkcs11.CKF_LOGIN_REQUIRED == pkcs11.CKF_LOGIN_REQUIRED {
fmt.Fprintf(os.Stderr, "Enter PIN for key '%s' in PKCS11 token '%s': ", config.KeyLabel, config.TokenLabel)
b, err := term.ReadPassword(0)
// Unnecessary convert of syscall.Stdin on *nix, but Windows is a uintptr
// nolint:unconvert
b, err := term.ReadPassword(int(syscall.Stdin))
if err != nil {
return errors.Wrap(err, "get pin")
}
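Review bot: This is the fifth copy of the same comment, lint suppression and `int(syscall.Stdin)` conversion in the commit, so the platform detail now has to be kept right in four files. A single unexported helper whose body is `return term.ReadPassword(int(syscall.Stdin))` would hold the conversion and its explanation in one place; whether one shared helper is possible depends on the import relationships between these packages, which are not visible here, so a per-package helper may be the practical form. A doc comment on it could state that the PIN or password is read from the process's standard input without echo. The enclosing block starts and ends outside the hunk.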