shimun/fido2luks
1
0
Fork 0
Code Issues Pull Requests 3 Releases Wiki Activity

parse env

Browse Source
This commit is contained in:
shimunn 2019-09-17 20:39:40 +02:00
parent 40bf047528
commit 34e428f507
Signed by: shimun
GPG Key ID: E81D8382DC2F971B
4 changed files with 55 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Cargo.lock generated
View File

@ -106,6 +106,14 @@ dependencies = [
"untrusted 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)", "untrusted 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)",
] ]
[[package]]
name = "envy"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
"serde 1.0.100 (registry+https://github.com/rust-lang/crates.io-index)",
]
[[package]] [[package]]
name = "errno" name = "errno"
version = "0.1.8" version = "0.1.8"
@ -161,6 +169,7 @@ version = "0.1.0"
dependencies = [ dependencies = [
"cryptsetup-rs 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)", "cryptsetup-rs 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
"ctap 0.1.0 (git+https://git.shimun.net/shimun/ctap.git?branch=hmac_ext)", "ctap 0.1.0 (git+https://git.shimun.net/shimun/ctap.git?branch=hmac_ext)",
"envy 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
"failure 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", "failure 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
"hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)", "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
"keyutils 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)", "keyutils 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
@ -602,6 +611,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
"checksum cloudabi 0.0.3 (registry+https://github.com/rust-lang/crates.io-index)" = "ddfc5b9aa5d4507acaf872de71051dfd0e309860e88966e1051e462a077aac4f" "checksum cloudabi 0.0.3 (registry+https://github.com/rust-lang/crates.io-index)" = "ddfc5b9aa5d4507acaf872de71051dfd0e309860e88966e1051e462a077aac4f"
"checksum cryptsetup-rs 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "9da293bc97d0ccf0f53e440537dc2dd945eaa79642997685a1c0664062ef0a29" "checksum cryptsetup-rs 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "9da293bc97d0ccf0f53e440537dc2dd945eaa79642997685a1c0664062ef0a29"
"checksum ctap 0.1.0 (git+https://git.shimun.net/shimun/ctap.git?branch=hmac_ext)" = "<none>" "checksum ctap 0.1.0 (git+https://git.shimun.net/shimun/ctap.git?branch=hmac_ext)" = "<none>"
"checksum envy 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "261b836bcf13f42a01c70351f56bd7b66db6e6fb58352bd214cb77e9269a34b4"
"checksum errno 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)" = "1e2b2decb0484e15560df3210cf0d78654bb0864b2c138977c07e377a1bae0e2" "checksum errno 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)" = "1e2b2decb0484e15560df3210cf0d78654bb0864b2c138977c07e377a1bae0e2"
"checksum errno 0.2.4 (registry+https://github.com/rust-lang/crates.io-index)" = "c2a071601ed01b988f896ab14b95e67335d1eeb50190932a1320f7fe3cadc84e" "checksum errno 0.2.4 (registry+https://github.com/rust-lang/crates.io-index)" = "c2a071601ed01b988f896ab14b95e67335d1eeb50190932a1320f7fe3cadc84e"
"checksum errno-dragonfly 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "14ca354e36190500e1e1fb267c647932382b54053c50b14970856c0b00a35067" "checksum errno-dragonfly 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "14ca354e36190500e1e1fb267c647932382b54053c50b14970856c0b00a35067"

1
Cargo.toml
View File

@ -15,6 +15,7 @@ serde = "1.0.100"
serde_json = "1.0.40" serde_json = "1.0.40"
keyutils = "0.2.1" keyutils = "0.2.1"
rpassword = "4.0.1" rpassword = "4.0.1"
envy = "0.4.0"
[profile.release] [profile.release]

29
src/config.rs
View File

@ -8,9 +8,36 @@ use std::collections::HashMap;
use std::env; use std::env;
use std::fs::File; use std::fs::File;
use std::io::Read; use std::io::Read;
use std::path::PathBuf; use std::path::{PathBuf, Path};
use std::process::Command; use std::process::Command;
#[derive(Debug, Deserialize, Serialize)]
pub struct EnvConfig {
credential_id: String,
uuid: String,
salt: String,
mapper_name: String,
password_helper: String
}
impl Into<Config> for EnvConfig {
fn into(self) -> Config {
Config{
credential_id: self.credential_id,
device: format!("/dev/disk/by-uuid/{}", self.uuid).into(),
mapper_name: self.mapper_name,
password_helper: PasswordHelper::Script(self.password_helper),
input_salt: if PathBuf::from(&self.salt).exists() {
InputSalt::File { path: self.salt.into() }
} else {
InputSalt::AskPassword
}
}
}
}
#[derive(Debug, Deserialize, Serialize)] #[derive(Debug, Deserialize, Serialize)]
pub struct Config { pub struct Config {
pub credential_id: String, pub credential_id: String,

25
src/main.rs
View File

@ -17,7 +17,7 @@ use luks::device::Error::CryptsetupError;
use std::collections::HashMap; use std::collections::HashMap;
use std::env; use std::env;
use std::io::{self, Write}; use std::io::{self, stdout, Write};
use std::path::PathBuf; use std::path::PathBuf;
use std::process::exit; use std::process::exit;
@ -84,26 +84,33 @@ fn open(conf: &Config, secret: &[u8; 32]) -> Fido2LuksResult<()> {
fn main() -> Fido2LuksResult<()> { fn main() -> Fido2LuksResult<()> {
let args: Vec<_> = env::args().skip(1).collect(); //Ignore program name -> Vec let args: Vec<_> = env::args().skip(1).collect(); //Ignore program name -> Vec
let env = env::vars().collect::<HashMap<_, _>>(); let env = env::vars().collect::<HashMap<_, _>>();
let conf = Config::load_default_location()?;
let secret = || -> Fido2LuksResult<[u8; 32]> {
let salt = conf.input_salt.obtain(&conf.password_helper)?;
Ok(assemble_secret(
&perform_challenge(&conf.credential_id, &salt)?,
&salt,
))
};
if args.is_empty() { if args.is_empty() {
let conf = Config::load_default_location()?;
let salt = conf.input_salt.obtain(&conf.password_helper)?; let salt = conf.input_salt.obtain(&conf.password_helper)?;
dbg!(hex::encode(&salt)); dbg!(hex::encode(&salt));
let secret = {
let salt = conf.input_salt.obtain(&conf.password_helper)?;
assemble_secret(&perform_challenge(&conf.credential_id, &salt)?, &salt)
};
if env.contains_key("CRYPTTAB_NAME") { if env.contains_key("CRYPTTAB_NAME") {
//Indicates that this script is being run as keyscript //Indicates that this script is being run as keyscript
open(&conf, &secret) let mut out = stdout();
out.write(&secret()?)?;
Ok(out.flush()?)
} else { } else {
io::stdout().write(&secret)?; io::stdout().write(&secret()?)?;
Ok(io::stdout().flush()?) Ok(io::stdout().flush()?)
} }
} else { } else {
match args.first().map(|s| s.as_ref()).unwrap() { match args.first().map(|s| s.as_ref()).unwrap() {
"addkey" => add_key_to_luks(&Config::load_default_location()?).map(|_| ()), "addkey" => add_key_to_luks(&Config::load_default_location()?).map(|_| ()),
"setup" => setup(), "setup" => setup(),
"open" if args.get(1).map(|a| &*a == "-e").unwrap_or(false) => open(&envy::prefixed("FIDO2LUKS_").from_env::<EnvConfig>().expect("Missing env config values").into(), &secret()?),
"open" => open(&conf, &secret()?),
"connected" => match authenticator_connected()? { "connected" => match authenticator_connected()? {
false => { false => {
println!("no"); println!("no");