shimun/fido2luks
1
0
Fork 0
Code Issues Pull Requests 3 Releases Wiki Activity

Merge branch 'master' into HEAD
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details

Browse Source
This commit is contained in:
shimun
2021-03-01 20:03:06 +01:00
parent 39b90d27b7 7e6b33ae7f
commit 534d36bb13
8 changed files with 548 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
src/cli.rs
View File

@@ -155,6 +155,12 @@ pub fn parse_cmdline() -> Args {
Args::from_args()
}
pub fn prompt_interaction(interactive: bool) {
if interactive {
println!("Authorize using your FIDO device");
}
}
pub fn run_cli() -> Fido2LuksResult<()> {
let mut stdout = io::stdout();
let args = parse_cmdline();
@@ -163,6 +169,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
eprintln!("{}", &*message());
}
};
let interactive = args.interactive;
match &args.command {
Command::Credential {
authenticator,
@@ -214,8 +221,9 @@ pub fn run_cli() -> Fido2LuksResult<()> {
.join(", ")
)
});
prompt_interaction(interactive);
let (secret, cred) = derive_secret(
credentials.as_slice(),
&credentials,
&salt,
authenticator.await_time,
pin.as_deref(),
@@ -291,6 +299,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
fido_device: true, ..
} => {
let (pin, salt) = inputs(salt_q, verify)?;
prompt_interaction(interactive);
Ok(derive_secret(
&credentials,
&salt,
@@ -305,10 +314,12 @@ pub fn run_cli() -> Fido2LuksResult<()> {
)),
}
};
let secret = |verify: bool,
let secret = |q: &str,
verify: bool,
credentials: &[HexEncoded]|
-> Fido2LuksResult<([u8; 32], FidoCredential)> {
let (pin, salt) = inputs("Password", verify)?;
let (pin, salt) = inputs(q, verify)?;
prompt_interaction(interactive);
derive_secret(credentials, &salt, authenticator.await_time, pin.as_deref())
};
// Non overlap
@@ -338,9 +349,9 @@ pub fn run_cli() -> Fido2LuksResult<()> {
)
});
let creds = vec![HexEncoded(cred.id)];
secret(true, &creds)
secret("Password to be added", true, &creds)
} else {
secret(true, &credentials)
secret("Password to be added", true, &credentials)
}?;
log(&|| format!("credential used: {}", hex::encode(&cred.id)));
let added_slot = luks_dev.add_key(
@@ -373,7 +384,8 @@ pub fn run_cli() -> Fido2LuksResult<()> {
remove_cred,
..
} => {
let (existing_secret, _prev_cred) = secret(false, &credentials)?;
let (existing_secret, _prev_cred) =
secret("Current password", false, &credentials)?;
let (replacement_secret, cred) = other_secret("Replacement password", true)?;
let slot = if *add_password {
luks_dev.add_key(
@@ -429,6 +441,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
// Cow shouldn't be necessary
let secret = |credentials: Cow<'_, Vec<HexEncoded>>| {
let (pin, salt) = inputs("Password", false)?;
prompt_interaction(interactive);
derive_secret(
credentials.as_ref(),
&salt,
@@ -489,7 +502,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
if cause.kind() == FidoErrorKind::Timeout && retries > 0 => {}
e => return Err(e),
}
};
retries -= 1;
eprintln!("{}", e);
}