refractor

2019-09-17 14:27:42 +02:00
parent f7b7617e0e
commit 4679e939cf
7 changed files with 359 additions and 202 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -25,6 +25,11 @@ dependencies = [
 "libc 0.2.62 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 [[package]]
 name = "bitflags"
 version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 [[package]]
 name = "bitflags"
 version = "1.1.0"
@@ -101,6 +106,16 @@ dependencies = [
 "untrusted 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 [[package]]
 name = "errno"
 version = "0.1.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 dependencies = [
 "kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "libc 0.2.62 (registry+https://github.com/rust-lang/crates.io-index)",
 "winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 [[package]]
 name = "errno"
 version = "0.2.4"
@@ -148,6 +163,7 @@ dependencies = [
 "ctap 0.1.0 (git+https://git.shimun.net/shimun/ctap.git?branch=hmac_ext)",
 "failure 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
 "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "keyutils 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
 "rust-crypto 0.2.36 (registry+https://github.com/rust-lang/crates.io-index)",
 "serde 1.0.100 (registry+https://github.com/rust-lang/crates.io-index)",
 "serde_derive 1.0.100 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -174,6 +190,25 @@ name = "itoa"
 version = "0.4.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 [[package]]
 name = "kernel32-sys"
 version = "0.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 dependencies = [
 "winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)",
 "winapi-build 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 [[package]]
 name = "keyutils"
 version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 dependencies = [
 "bitflags 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)",
 "errno 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)",
 "libc 0.2.62 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 [[package]]
 name = "lazy_static"
 version = "1.4.0"
@@ -514,6 +549,11 @@ dependencies = [
 "rand 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 [[package]]
 name = "winapi"
 version = "0.2.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 [[package]]
 name = "winapi"
 version = "0.3.8"
@@ -523,6 +563,11 @@ dependencies = [
 "winapi-x86_64-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 [[package]]
 name = "winapi-build"
 version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 [[package]]
 name = "winapi-i686-pc-windows-gnu"
 version = "0.4.0"
@@ -537,6 +582,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum autocfg 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "b671c8fb71b457dd4ae18c4ba1e59aa81793daacc361d82fcd410cef0d491875"
 "checksum backtrace 0.3.37 (registry+https://github.com/rust-lang/crates.io-index)" = "5180c5a20655b14a819b652fd2378fa5f1697b6c9ddad3e695c2f9cedf6df4e2"
 "checksum backtrace-sys 0.1.31 (registry+https://github.com/rust-lang/crates.io-index)" = "82a830b4ef2d1124a711c71d263c5abdc710ef8e907bd508c88be475cebc422b"
 "checksum bitflags 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "32866f4d103c4e438b1db1158aa1b1a80ee078e5d77a59a2f906fd62a577389c"
 "checksum bitflags 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "3d155346769a6855b86399e9bc3814ab343cd3d62c7e985113d46a0ec3c281fd"
 "checksum blkid-rs 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "9bc207ca2ccb5bdf3b3e43be52a4afa0eca780851fb80733d28bd3688bead5c6"
 "checksum byteorder 1.3.2 (registry+https://github.com/rust-lang/crates.io-index)" = "a7c3dd8985a7111efc5c80b44e23ecdd8c007de8ade3b96595387e812b957cf5"
@@ -546,6 +592,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum cloudabi 0.0.3 (registry+https://github.com/rust-lang/crates.io-index)" = "ddfc5b9aa5d4507acaf872de71051dfd0e309860e88966e1051e462a077aac4f"
 "checksum cryptsetup-rs 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "9da293bc97d0ccf0f53e440537dc2dd945eaa79642997685a1c0664062ef0a29"
 "checksum ctap 0.1.0 (git+https://git.shimun.net/shimun/ctap.git?branch=hmac_ext)" = "<none>"
 "checksum errno 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)" = "1e2b2decb0484e15560df3210cf0d78654bb0864b2c138977c07e377a1bae0e2"
 "checksum errno 0.2.4 (registry+https://github.com/rust-lang/crates.io-index)" = "c2a071601ed01b988f896ab14b95e67335d1eeb50190932a1320f7fe3cadc84e"
 "checksum errno-dragonfly 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "14ca354e36190500e1e1fb267c647932382b54053c50b14970856c0b00a35067"
 "checksum failure 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "795bd83d3abeb9220f257e597aa0080a508b27533824adf336529648f6abf7e2"
@@ -554,6 +601,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum gcc 0.3.55 (registry+https://github.com/rust-lang/crates.io-index)" = "8f5f3913fa0bfe7ee1fd8248b6b9f42a5af4b9d65ec2dd2c3c26132b950ecfc2"
 "checksum hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)" = "805026a5d0141ffc30abb3be3173848ad46a1b1664fe632428479619a3644d77"
 "checksum itoa 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)" = "501266b7edd0174f8530248f87f99c88fbe60ca4ef3dd486835b8d8d53136f7f"
 "checksum kernel32-sys 0.2.2 (registry+https://github.com/rust-lang/crates.io-index)" = "7507624b29483431c0ba2d82aece8ca6cdba9382bff4ddd0f7490560c056098d"
 "checksum keyutils 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "cbdbe7849bedbbb4f1437a790f6029372d8c400d1ca2d9ead8fb2d3057ccb2cc"
 "checksum lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
 "checksum libc 0.2.62 (registry+https://github.com/rust-lang/crates.io-index)" = "34fcd2c08d2f832f376f4173a231990fa5aef4e99fb569867318a227ef4c06ba"
 "checksum libcryptsetup-sys 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "321aea95b53514a18b523f544cdb7bc785adec1f0a7e207df611677f9b934ddd"
@@ -595,6 +644,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum unicode-xid 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "826e7639553986605ec5979c7dd957c7895e93eabed50ab2ffa7f6128a75097c"
 "checksum untrusted 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)" = "55cd1f4b4e96b46aeb8d4855db4a7a9bd96eeeb5c6a1ab54593328761642ce2f"
 "checksum uuid 0.6.5 (registry+https://github.com/rust-lang/crates.io-index)" = "e1436e58182935dcd9ce0add9ea0b558e8a87befe01c1a301e6020aeb0876363"
 "checksum winapi 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)" = "167dc9d6949a9b857f3451275e911c3f44255842c1f7a76f33c55103a909087a"
 "checksum winapi 0.3.8 (registry+https://github.com/rust-lang/crates.io-index)" = "8093091eeb260906a183e6ae1abdba2ef5ef2257a21801128899c3fc699229c6"
 "checksum winapi-build 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "2d315eee3b34aca4797b2da6b13ed88266e6d612562a0c46390af8299fc699bc"
 "checksum winapi-i686-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
 "checksum winapi-x86_64-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -13,8 +13,10 @@ failure = "0.1.5"
 serde_derive = "1.0.100"
 serde = "1.0.100"
 serde_json = "1.0.40"
 keyutils = "0.2.1"
 [profile.release]
 lto = true
 opt-level = 'z'
 panic = 'abort'
--- a/src/cli.rs
+++ b/src/cli.rs
@@ -0,0 +1,92 @@
 use crate::error::*;
 use crate::*;
 use cryptsetup_rs as luks;
 use cryptsetup_rs::api::{CryptDeviceHandle, CryptDeviceOpenBuilder, Luks1Params};
 use cryptsetup_rs::Luks1CryptDevice;
 use ctap;
 use ctap::extensions::hmac::{FidoHmacCredential, HmacExtension};
 use ctap::FidoDevice;
 use std::fs::File;
 use std::io::{self, Read, Seek, Write};
 use std::path::Path;
 pub fn setup() -> Fido2LuksResult<()> {
    let mut config = Config::default();
    let save_config = |c: &Config| {
        File::create("fido2luks.json")
            .expect("Failed to save config")
            .write_all(serde_json::to_string_pretty(c).unwrap().as_bytes())
            .expect("Failed to save config");
    };
    fn ask_bool(q: &str) -> bool {
        ask_str(&format!("{} (y/n)", q)).expect("Failed to read from stdin") == "y"
    }
    println!("1. Generating a credential");
    let mut ccred: Option<FidoHmacCredential> = None;
    for di in ctap::get_devices().expect("Failed to query USB for 2fa devices") {
        let mut dev = FidoDevice::new(&di).expect("Failed to open 2fa device");
        match dev.make_hmac_credential() {
            Ok(cred) => {
                ccred = Some(cred);
                break;
            }
            Err(_e) => println!("Failed to to obtain credential trying next device(if applicable)"),
        }
    }
    config.credential_id = hex::encode(ccred.expect("No credential could be obtained").id);
    save_config(&config);
    loop {
        let device = ask_str("Path to your luks device: ").expect("Failed to read from stdin");;
        if Path::new(&device).exists()
            || ask_bool(&format!("{} does not exist, save anyway?", device))
        {
            config.device = device.into();
            break;
        }
    }
    save_config(&config);
    config.mapper_name = ask_str("Name for decrypted disk: ").expect("Failed to read from stdin");;
    save_config(&config);
    println!("Config saved to: fido2luks.json");
    Ok(())
 }
 pub fn add_key_to_luks(conf: &Config) -> Fido2LuksResult<u8> {
    fn offer_format(
        _dev: CryptDeviceOpenBuilder,
    ) -> Fido2LuksResult<CryptDeviceHandle<Luks1Params>> {
        unimplemented!()
    }
    let dev = || -> luks::device::Result<CryptDeviceOpenBuilder> {
        luks::open(&conf.device.canonicalize()?)
    };
    let mut handle = match dev()?.luks1() {
        Ok(handle) => handle,
        Err(luks::device::Error::BlkidError(_)) => offer_format(dev()?)?,
        Err(luks::device::Error::CryptsetupError(errno)) => {
            //if i32::from(errno) == 555
            dbg!(errno);
            offer_format(dev()?)?
        } //TODO: find correct errorno and offer to format as luks
        err => err?,
    };
    let secret = {
        let salt = conf.input_salt.obtain(&conf.password_helper)?;
        assemble_secret(&perform_challenge(&conf.credential_id, &salt)?, &salt)
    };
    dbg!("Adding key");
    let slot = handle.add_keyslot(&secret, None, None)?;
    Ok(slot)
 }
--- a/src/config.rs
+++ b/src/config.rs
@@ -0,0 +1,133 @@
 use crate::error::*;
 use crate::*;
 use crypto::digest::Digest;
 use crypto::sha2::Sha256;
 use serde_derive::{Deserialize, Serialize};
 use std::collections::HashMap;
 use std::env;
 use std::fs::File;
 use std::io::Read;
 use std::path::PathBuf;
 use std::process::Command;
 #[derive(Debug, Deserialize, Serialize)]
 pub struct Config {
    pub credential_id: String,
    pub input_salt: InputSalt,
    pub device: PathBuf,
    pub mapper_name: String,
    pub password_helper: PasswordHelper,
 }
 impl Config {
    pub fn load_default_location() -> Fido2LuksResult<Config> {
        Self::load_config(
            &mut File::open(
                env::vars()
                    .collect::<HashMap<_, _>>()
                    .get("FIDO2LUKS_CONFIG")
                    .unwrap_or(&"/etc/fido2luks.json".to_owned()),
            )
            .or(File::open("fido2luks.json"))?,
        )
    }
    pub fn load_config(reader: &mut dyn Read) -> Fido2LuksResult<Config> {
        let mut conf_str = String::new();
        reader.read_to_string(&mut conf_str)?;
        Ok(serde_json::from_str(&conf_str)?)
    }
 }
 impl Default for Config {
    fn default() -> Self {
        Config {
            credential_id: "<required>".into(),
            input_salt: Default::default(),
            device: "/dev/some-vg/<volume>".into(),
            mapper_name: "2fa-secured-luks".into(),
            password_helper: PasswordHelper::default(),
        }
    }
 }
 #[derive(Debug, Deserialize, Serialize)]
 pub enum InputSalt {
    AskPassword,
    File { path: PathBuf },
    Both { path: PathBuf },
 }
 impl Default for InputSalt {
    fn default() -> Self {
        InputSalt::AskPassword
    }
 }
 impl InputSalt {
    pub fn obtain(&self, password_helper: &PasswordHelper) -> Fido2LuksResult<[u8; 32]> {
        let mut digest = Sha256::new();
        match self {
            InputSalt::File { path } => {
                let mut do_io = || {
                    let mut reader = File::open(path)?;
                    let mut buf = [0u8; 512];
                    loop {
                        let red = reader.read(&mut buf)?;
                        digest.input(&buf[0..red]);
                        if red == 0 {
                            break;
                        }
                    }
                    Ok(())
                };
                do_io().map_err(|cause| Fido2LuksError::KeyfileError { cause })?;
            }
            InputSalt::AskPassword => {
                digest.input(password_helper.obtain()?.as_bytes());
            }
            InputSalt::Both { path } => {
                digest.input(&InputSalt::AskPassword.obtain(password_helper)?);
                digest.input(&InputSalt::File { path: path.clone() }.obtain(password_helper)?)
            }
        }
        let mut salt = [0u8; 32];
        digest.result(&mut salt);
        Ok(salt)
    }
 }
 #[derive(Debug, Deserialize, Serialize)]
 pub enum PasswordHelper {
    Script(String),
    Systemd,
    Stdin,
 }
 impl Default for PasswordHelper {
    fn default() -> Self {
        PasswordHelper::Script("plymouth ask-for-password".into())
    }
 }
 impl PasswordHelper {
    pub fn obtain(&self) -> Fido2LuksResult<String> {
        use PasswordHelper::*;
        match self {
            Systemd => unimplemented!(),
            Stdin => Ok(ask_str("Password: ")?),
            Script(password_helper) => {
                let mut helper_parts = password_helper.split(" ");
                let password = Command::new((&mut helper_parts).next().unwrap())
                    .args(helper_parts)
                    .output()
                    .map_err(|e| Fido2LuksError::AskPassError { cause: e })?
                    .stdout;
                Ok(String::from_utf8(password)?)
            }
        }
    }
 }
--- a/src/error.rs
+++ b/src/error.rs
@@ -21,8 +21,11 @@ pub enum Fido2LuksError {
    ConfigurationError { cause: serde_json::error::Error },
    #[fail(display = "the submitted secret is not applicable to this luks device")]
    WrongSecret,
    #[fail(display = "not an utf8 string")]
    StringEncodingError { cause: FromUtf8Error },
 }
 use std::string::FromUtf8Error;
 use Fido2LuksError::*;
 impl From<FidoError> for Fido2LuksError {
@@ -48,3 +51,9 @@ impl From<serde_json::error::Error> for Fido2LuksError {
        ConfigurationError { cause: e }
    }
 }
 impl From<FromUtf8Error> for Fido2LuksError {
    fn from(e: FromUtf8Error) -> Self {
        StringEncodingError { cause: e }
    }
 }
--- a/src/keystore.rs
+++ b/src/keystore.rs
@@ -0,0 +1,17 @@
 use keyutils::Keyring;
 fn get_passphrase() -> Vec<u8> {
    Keyring::request("user")
        .unwrap()
        .request_key("fido2luks")
        .unwrap()
        .read()
        .unwrap()
 }
 fn add_secret(secret: &[u8]) {
    Keyring::request("session")
        .unwrap()
        .add_key("cryptsetup", secret)
        .unwrap();
 }
--- a/src/main.rs
+++ b/src/main.rs
@@ -2,120 +2,29 @@
 extern crate failure;
 #[macro_use]
 extern crate serde_derive;
 use crate::cli::*;
 use crate::config::*;
 use crate::error::*;
 use crypto::digest::Digest;
 use crypto::sha2::Sha256;
 use cryptsetup_rs as luks;
-use cryptsetup_rs::api::{CryptDeviceHandle, CryptDeviceOpenBuilder, Luks1Params};
+
 use cryptsetup_rs::Luks1CryptDevice;
 use ctap;
 use ctap::extensions::hmac::{FidoHmacCredential, HmacExtension};
 use ctap::FidoDevice;
 use luks::device::Error::CryptsetupError;
-use serde_derive::{Deserialize, Serialize};
+
 use std::collections::HashMap;
 use std::env;
 use std::fs::File;
 use std::io::{Read, Write};
 use std::path::{Path, PathBuf};
 use std::process::Command;
 use std::io::{self, Read, Seek, Write};
 use std::path::PathBuf;
 mod cli;
 mod config;
 mod error;
-
+mod keystore;
 #[derive(Debug, Deserialize, Serialize)]
 pub struct Config {
    pub credential_id: String,
    pub input_salt: InputSalt,
    pub device: PathBuf,
    pub mapper_name: String,
    pub password_helper: String,
 }
 impl Config {
    pub fn load_default_location() -> Fido2LuksResult<Config> {
        Self::load_config(
            &mut File::open(
                env::vars()
                    .collect::<HashMap<_, _>>()
                    .get("FIDO2LUKS_CONFIG")
                    .unwrap_or(&"/etc/fido2luks.json".to_owned()),
            )
            .or(File::open("fido2luks.json"))?,
        )
    }
    pub fn load_config(reader: &mut dyn Read) -> Fido2LuksResult<Config> {
        let mut conf_str = String::new();
        reader.read_to_string(&mut conf_str)?;
        Ok(serde_json::from_str(&conf_str)?)
    }
 }
 impl Default for Config {
    fn default() -> Self {
        Config {
            credential_id: "generate using solo key make-credential".into(),
            input_salt: Default::default(),
            device: "/dev/some-vg/my-volume".into(),
            mapper_name: "2fa-secured-luks".into(),
            password_helper: "/usr/bin/systemd-ask-password --no-tty --no-output --id='fido2luks' --keyname='fido2luks' 'Please enter second factor for LUKS disk encryption!'".into(),
        }
    }
 }
 #[derive(Debug, Deserialize, Serialize)]
 pub enum InputSalt {
    AskPassword,
    File { path: PathBuf },
    Both { path: PathBuf },
 }
 impl Default for InputSalt {
    fn default() -> Self {
        InputSalt::AskPassword
    }
 }
 impl InputSalt {
    fn obtain(&self, password_helper: &str) -> Fido2LuksResult<[u8; 32]> {
        let mut digest = Sha256::new();
        match self {
            InputSalt::File { path } => {
                let mut do_io = || {
                    let mut reader = File::open(path)?;
                    let mut buf = [0u8; 512];
                    loop {
                        let red = reader.read(&mut buf)?;
                        digest.input(&buf[0..red]);
                        if red == 0 {
                            break;
                        }
                    }
                    Ok(())
                };
                do_io().map_err(|cause| Fido2LuksError::KeyfileError { cause })?;
            }
            InputSalt::AskPassword => {
                let mut helper_parts = password_helper.split(" ");
                let password = Command::new((&mut helper_parts).next().unwrap())
                    .args(helper_parts)
                    .output()
                    .map_err(|e| Fido2LuksError::AskPassError { cause: e })?
                    .stdout;
                digest.input(&password);
            }
            InputSalt::Both { path } => {
                digest.input(&InputSalt::AskPassword.obtain(password_helper)?);
                digest.input(&InputSalt::File { path: path.clone() }.obtain(password_helper)?)
            }
        }
        let mut salt = [0u8; 32];
        digest.result(&mut salt);
        Ok(salt)
    }
 }
 fn open_container(device: &PathBuf, name: &str, secret: &[u8; 32]) -> Fido2LuksResult<()> {
    let mut handle = luks::open(device.canonicalize()?)?.luks1()?;
@@ -151,107 +60,16 @@ fn assemble_secret(hmac_result: &[u8], salt: &[u8]) -> [u8; 32] {
    digest.result(&mut secret);
    secret
 }
-
+fn ask_str(q: &str) -> Fido2LuksResult<String> {
-fn setup() -> Fido2LuksResult<()> {
+    let stdin = io::stdin();
    let mut config = Config::default();
    let save_config = |c: &Config| {
        File::create("fido2luks.json")
            .expect("Failed to save config")
            .write_all(serde_json::to_string_pretty(c).unwrap().as_bytes())
            .expect("Failed to save config");
    };
    fn ask_str(q: &str) -> String {
        let stdin = std::io::stdin();
    let mut s = String::new();
    print!("{}", q);
-        std::io::stdout()
+    io::stdout().flush()?;
-            .flush()
+    stdin.read_line(&mut s)?;
-            .ok()
+    Ok(s.trim().to_owned())
            .expect("Could not flush stdout");
        stdin.read_line(&mut s).expect("Failed to read rom stdin");
        s.trim().to_owned()
 }
-    fn ask_bool(q: &str) -> bool {
+fn open(conf: &Config, secret: &[u8; 32]) -> Fido2LuksResult<()> {
        ask_str(&format!("{} (y/n)", q)) == "y"
    }
    println!("1. Generating a credential");
    let mut ccred: Option<FidoHmacCredential> = None;
    for di in ctap::get_devices().expect("Failed to query USB for 2fa devices") {
        let mut dev = FidoDevice::new(&di).expect("Failed to open 2fa device");
        match dev.make_hmac_credential() {
            Ok(cred) => {
                ccred = Some(cred);
                break;
            }
            Err(_e) => println!("Failed to to obtain credential trying next device(if applicable)"),
        }
    }
    config.credential_id = hex::encode(ccred.expect("No credential could be obtained").id);
    save_config(&config);
    loop {
        let device = ask_str("Path to your luks device: ");
        if Path::new(&device).exists()
            || ask_bool(&format!("{} does not exist, save anyway?", device))
        {
            config.device = device.into();
            break;
        }
    }
    save_config(&config);
    config.mapper_name = ask_str("Name for decrypted disk: ");
    save_config(&config);
    println!("Config saved to: fido2luks.json");
    Ok(())
 }
 fn add_key_to_luks(conf: &Config) -> Fido2LuksResult<u8> {
    fn offer_format(
        _dev: CryptDeviceOpenBuilder,
    ) -> Fido2LuksResult<CryptDeviceHandle<Luks1Params>> {
        unimplemented!()
    }
    let dev = || -> luks::device::Result<CryptDeviceOpenBuilder> {
        luks::open(&conf.device.canonicalize()?)
    };
    let mut handle = match dev()?.luks1() {
        Ok(handle) => handle,
        Err(luks::device::Error::BlkidError(_)) => offer_format(dev()?)?,
        Err(luks::device::Error::CryptsetupError(errno)) => {
            //if i32::from(errno) == 555
            dbg!(errno);
            offer_format(dev()?)?
        } //TODO: find correct errorno and offer to format as luks
        err => err?,
    };
    let secret = {
        let salt = conf.input_salt.obtain(&conf.password_helper)?;
        assemble_secret(&perform_challenge(&conf.credential_id, &salt)?, &salt)
    };
    dbg!("Adding key");
    let slot = handle.add_keyslot(&secret, None, None)?;
    Ok(slot)
 }
 fn open() -> Fido2LuksResult<()> {
    let conf = Config::load_default_location()?;
    let salt = conf.input_salt.obtain(&conf.password_helper)?;
    dbg!(hex::encode(&salt));
    let secret = {
        let salt = conf.input_salt.obtain(&conf.password_helper)?;
        assemble_secret(&perform_challenge(&conf.credential_id, &salt)?, &salt)
    };
    dbg!(hex::encode(&secret));
    match open_container(&conf.device, &conf.mapper_name, &secret) {
        Err(Fido2LuksError::LuksError {
@@ -262,10 +80,45 @@ fn open() -> Fido2LuksResult<()> {
    Ok(())
 }
 /*fn package_self() -> Fido2LuksResult<()> {
    let conf = Config::load_default_location()?;
    let binary_path: PathBuf = env::args().next().unwrap().into();
    let mut me = File::open(binary_path)?;
    me.seek(io::SeekFrom::End(("config".as_bytes().len() * -1) as i64 - 4))?;
    let conf_len = me.read_u32()?;
    let mut buf = vec![0u8; 512];
    me.read(&mut buf[0..6])?;
    if String::from_utf8((&buf[0..6]).iter().collect()).map(|s| &s == "config").unwrap_or(false) {
    }
    Ok(())
 }*/
 fn main() -> Fido2LuksResult<()> {
    let args: Vec<_> = env::args().skip(1).collect(); //Ignore program name -> Vec
    let env = env::vars().collect::<HashMap<_, _>>();
    if args.is_empty() {
-        open()
+        let conf = Config::load_default_location()?;
        let salt = conf.input_salt.obtain(&conf.password_helper)?;
        dbg!(hex::encode(&salt));
        let secret = {
            let salt = conf.input_salt.obtain(&conf.password_helper)?;
            assemble_secret(&perform_challenge(&conf.credential_id, &salt)?, &salt)
        };
        if env.contains_key("CRYPTTAB_NAME") {
            //Indicates that this script is being run as keyscript
            open(&conf, &secret)
        } else {
            io::stdout().write(&secret)?;
            Ok(io::stdout().flush()?)
        }
    } else {
        match args.first().map(|s| s.as_ref()).unwrap() {
            "addkey" => add_key_to_luks(&Config::load_default_location()?).map(|_| ()),
@@ -273,7 +126,7 @@ fn main() -> Fido2LuksResult<()> {
            _ => {
                eprintln!("Usage: setup | addkey");
                Ok(())
-            }
+            } //"selfcontain" => package_self()
        }
    }
 }