shimun/fido2luks
1
0
Fork 0
Code Issues Pull Requests 3 Releases Wiki Activity

from err
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
shimunn 2019-09-18 19:38:00 +02:00
parent 579851315a
commit 03cc5c70fd
Signed by: shimun
GPG Key ID: E81D8382DC2F971B
5 changed files with 76 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/cli.rs
View File

@ -71,22 +71,21 @@ pub fn setup() -> Fido2LuksResult<()> {
println!("Config saved to: fido2luks.json");
let slot = add_key_to_luks(&config).expect("Failed to add key to device");
//let slot = add_key_to_luks(&config).expect("Failed to add key to device");
println!("Added key to slot: {}", slot);
//println!("Added key to slot: {}", slot);
Ok(())
}
pub fn add_key_to_luks(conf: &Config) -> Fido2LuksResult<u8> {
pub fn add_key_to_luks(device: PathBuf, secret: &[u8; 32]) -> Fido2LuksResult<u8> {
fn offer_format(
_dev: CryptDeviceOpenBuilder,
) -> Fido2LuksResult<CryptDeviceHandle<Luks1Params>> {
unimplemented!()
}
let dev = || -> luks::device::Result<CryptDeviceOpenBuilder> {
luks::open(&conf.device.canonicalize()?)
};
let dev =
|| -> luks::device::Result<CryptDeviceOpenBuilder> { luks::open(&device.canonicalize()?) };
let prev_key_info = rpassword::read_password_from_tty(Some(
"Please enter your current password or path to a keyfile in order to add a new key: ",
@ -113,13 +112,7 @@ pub fn add_key_to_luks(conf: &Config) -> Fido2LuksResult<u8> {
} //TODO: find correct errorno and offer to format as luks
err => err?,
};
let secret = {
let salt = conf.input_salt.obtain(&conf.password_helper)?;
assemble_secret(&perform_challenge(&conf.credential_id, &salt)?, &salt)
};
let slot = handle.add_keyslot(&secret, prev_key.as_ref().map(|b| b.as_slice()), None)?;
let slot = handle.add_keyslot(secret, prev_key.as_ref().map(|b| b.as_slice()), None)?;
Ok(slot)
}

59
src/config.rs
View File

@ -5,6 +5,7 @@ use crypto::sha2::Sha256;
use serde_derive::{Deserialize, Serialize};
use std::collections::HashMap;
use std::convert::TryInto;
use std::env;
use std::fs::File;
use std::io::Read;
@ -13,28 +14,31 @@ use std::process::Command;
#[derive(Debug, Deserialize, Serialize)]
pub struct EnvConfig {
credential_id: String,
device: String,
salt: String,
mapper_name: String,
password_helper: String,
pub credential_id: String,
pub device: Option<String>,
pub salt: String,
pub mapper_name: Option<String>,
pub password_helper: String,
}
impl Into<Config> for EnvConfig {
fn into(self) -> Config {
Config {
impl TryInto<Config> for EnvConfig {
type Error = Fido2LuksError;
fn try_into(self) -> Fido2LuksResult<Config> {
Ok(Config {
credential_id: self.credential_id,
device: self.device.into(),
mapper_name: self.mapper_name,
device: self
.device
.ok_or(Fido2LuksError::ConfigurationError {
cause: ConfigurationError::MissingField("DEVICE".into()),
})?
.into(),
mapper_name: self.mapper_name.ok_or(Fido2LuksError::ConfigurationError {
cause: ConfigurationError::MissingField("DEVICE_MAPPER".into()),
})?,
password_helper: PasswordHelper::Script(self.password_helper),
input_salt: if PathBuf::from(&self.salt).exists() && &self.salt != "Ask" {
InputSalt::File {
path: self.salt.into(),
}
} else {
InputSalt::AskPassword
},
}
input_salt: self.salt.as_str().into(),
})
}
}
@ -93,6 +97,16 @@ impl Default for InputSalt {
}
}
impl From<&str> for InputSalt {
fn from(s: &str) -> Self {
if PathBuf::from(s).exists() && s != "Ask" {
InputSalt::File { path: s.into() }
} else {
InputSalt::AskPassword
}
}
}
impl InputSalt {
pub fn obtain(&self, password_helper: &PasswordHelper) -> Fido2LuksResult<[u8; 32]> {
let mut digest = Sha256::new();
@ -139,6 +153,15 @@ impl Default for PasswordHelper {
}
}
impl From<&str> for PasswordHelper {
fn from(s: &str) -> Self {
match s {
"stdin" => PasswordHelper::Stdin,
s => PasswordHelper::Script(s.into()),
}
}
}
impl PasswordHelper {
pub fn obtain(&self) -> Fido2LuksResult<String> {
use PasswordHelper::*;

2
src/device.rs
View File

@ -5,7 +5,7 @@ use ctap::extensions::hmac::{FidoHmacCredential, HmacExtension};
use ctap::{FidoDevice, FidoError, FidoErrorKind};
pub fn make_credential_id() -> Fido2LuksResult<FidoHmacCredential> {
let mut errs = Vec::new();
let mut errs = Vec::new();
match get_devices()? {
ref devs if devs.is_empty() => Err(Fido2LuksError::NoAuthenticatorError)?,
devs => {

31
src/error.rs
View File

@ -18,13 +18,36 @@ pub enum Fido2LuksError {
#[fail(display = "no authenticator found, please ensure you device is plugged in")]
IoError { cause: io::Error },
#[fail(display = "failed to parse config, please check formatting and contents")]
ConfigurationError { cause: serde_json::error::Error },
ConfigurationError { cause: ConfigurationError },
#[fail(display = "the submitted secret is not applicable to this luks device")]
WrongSecret,
#[fail(display = "not an utf8 string")]
StringEncodingError { cause: FromUtf8Error },
}
#[derive(Debug)]
pub enum ConfigurationError {
Json(serde_json::error::Error),
Env(envy::Error),
MissingField(String),
}
impl From<serde_json::error::Error> for Fido2LuksError {
fn from(e: serde_json::error::Error) -> Self {
Fido2LuksError::ConfigurationError {
cause: ConfigurationError::Json(e),
}
}
}
impl From<envy::Error> for Fido2LuksError {
fn from(e: envy::Error) -> Self {
Fido2LuksError::ConfigurationError {
cause: ConfigurationError::Env(e),
}
}
}
use std::string::FromUtf8Error;
use Fido2LuksError::*;
@ -46,12 +69,6 @@ impl From<io::Error> for Fido2LuksError {
}
}
impl From<serde_json::error::Error> for Fido2LuksError {
fn from(e: serde_json::error::Error) -> Self {
ConfigurationError { cause: e }
}
}
impl From<FromUtf8Error> for Fido2LuksError {
fn from(e: FromUtf8Error) -> Self {
StringEncodingError { cause: e }

6
src/main.rs
View File

@ -150,13 +150,15 @@ fn main() -> Fido2LuksResult<()> {
Ok(())
}
_ => {
println!("Usage:\n
println!(
"Usage:\n
fido2luks open <device> [name]\n
fido2luks addkey <device>\n\n
Environment variables:\n
<FIDO2LUKS_CREDENTIAL_ID>\n
<FIDO2LUKS_SALT>\n
");
"
);
Ok(())
}
}