From 581e1780d1bd02c0fbab9566da85a28de1ce5915 Mon Sep 17 00:00:00 2001 From: shimun Date: Sun, 10 Apr 2022 17:15:50 +0200 Subject: [PATCH] update ctap-hid --- Cargo.lock | 60 +++++++++++++++++++++++++-------------------------- src/cli.rs | 12 +++++++++-- src/device.rs | 14 +++++++----- 3 files changed, 49 insertions(+), 37 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c4b76fd..01cc4ac 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -255,7 +255,7 @@ dependencies = [ [[package]] name = "ctap-hid-fido2" version = "3.0.0" -source = "git+https://github.com/gebogebogebo/ctap-hid-fido2.git?branch=develop#a7b108e1fcafd38a10f990cf28a41fc06b27cd15" +source = "git+https://github.com/gebogebogebo/ctap-hid-fido2.git?branch=develop#a13d7174a5936f4ea3209b0d1341a2404c6f8302" dependencies = [ "aes", "anyhow", @@ -375,9 +375,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.5" +version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d39cd93900197114fa1fcb7ae84ca742095eed9442088988ae74fa744e930e77" +checksum = "9be70c98951c83b8d2f8f60d7065fa6d5146873094452a1008da8c2f1e4205ad" dependencies = [ "cfg-if", "libc", @@ -440,9 +440,9 @@ checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" [[package]] name = "hidapi" -version = "1.3.4" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c2ec6bf425a5c3af047bb2a029de540a7d74cefa4761f14be67d7884dcd497b0" +checksum = "253bfb01a7a31d71212dc3e920540546fa4a4fe08e2d87fc3299c42bae7ee2f9" dependencies = [ "cc", "libc", 
@@ -463,9 +463,9 @@ checksum = "1aab8fc367588b89dcee83ab0fd66b72b50b72fa1904d7095045ace2b0c81c35" [[package]] name = "js-sys" -version = "0.3.56" +version = "0.3.57" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a38fc24e30fd564ce974c02bf1d337caddff65be6cc4735a1f7eab22a7440f04" +checksum = "671a26f820db17c2a2750743f1dd03bafd15b98c9f30c7c2628c024c05d73397" dependencies = [ "wasm-bindgen", ] @@ -484,9 +484,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.121" +version = "0.2.122" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "efaa7b300f3b5fe8eb6bf21ce3895e1751d9665086af2d64b42f19701015ff4f" +checksum = "ec647867e2bf0772e28c8bcde4f0d19a9216916e890543b5a03ed8ef27b8f259" [[package]] name = "libcryptsetup-rs" @@ -512,7 +512,7 @@ dependencies = [ "bindgen", "cc", "pkg-config", - "semver 1.0.6", + "semver 1.0.7", ] [[package]] @@ -707,9 +707,9 @@ dependencies = [ [[package]] name = "pkg-config" -version = "0.3.24" +version = "0.3.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "58893f751c9b0412871a09abd62ecd2a00298c6c83befa223ef98c52aef40cbe" +checksum = "1df8c4ec4b0627e53bdf214615ad287367e482558cf84b109250b37464dc03ae" [[package]] name = "proc-macro-error" @@ -737,9 +737,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.36" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c7342d5883fbccae1cc37a2353b09c87c9b0f3afd73f5fb9bba687a1f733b029" +checksum = "ec757218438d5fda206afc041538b2f6d889286160d649a86a24d37e1235afd1" dependencies = [ "unicode-xid", ] 
@@ -839,9 +839,9 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.6" +version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4a3381e03edd24287172047536f20cabde766e2cd3e65e6b00fb3af51c4f38d" +checksum = "d65bd28f48be7196d222d95b9243287f48d27aca604e08497513019ff0502cc4" [[package]] name = "semver-parser" @@ -953,9 +953,9 @@ dependencies = [ [[package]] name = "syn" -version = "1.0.89" +version = "1.0.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ea297be220d52398dcc07ce15a209fce436d361735ac1db700cab3b6cdfb9f54" +checksum = "b683b2b825c8eef438b77c36a06dc262294da3d5a5813fac20da149241dcd44d" dependencies = [ "proc-macro2", "quote", @@ -1095,9 +1095,9 @@ checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6" [[package]] name = "wasm-bindgen" -version = "0.2.79" +version = "0.2.80" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25f1af7423d8588a3d840681122e72e6a24ddbcb3f0ec385cac0d12d24256c06" +checksum = "27370197c907c55e3f1a9fbe26f44e937fe6451368324e009cba39e139dc08ad" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -1105,9 +1105,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.79" +version = "0.2.80" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b21c0df030f5a177f3cba22e9bc4322695ec43e7257d865302900290bcdedca" +checksum = "53e04185bfa3a779273da532f5025e33398409573f348985af9a1cbf3774d3f4" dependencies = [ "bumpalo", "lazy_static", @@ -1120,9 +1120,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.79" +version = "0.2.80" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2f4203d69e40a52ee523b2529a773d5ffc1dc0071801c87b3d270b471b80ed01" +checksum = "17cae7ff784d7e83a2fe7611cfe766ecf034111b49deb850a3dc7699c08251f5" dependencies = [ "quote", "wasm-bindgen-macro-support", 
@@ -1130,9 +1130,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.79" +version = "0.2.80" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa8a30d46208db204854cadbb5d4baf5fcf8071ba5bf48190c3e59937962ebc" +checksum = "99ec0dc7a4756fffc231aab1b9f2f578d23cd391390ab27f952ae0c9b3ece20b" dependencies = [ "proc-macro2", "quote", @@ -1143,15 +1143,15 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.79" +version = "0.2.80" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d958d035c4438e28c70e4321a2911302f10135ce78a9c7834c0cab4123d06a2" +checksum = "d554b7f530dee5964d9a9468d95c1f8b8acae4f282807e7d27d4b03099a46744" [[package]] name = "web-sys" -version = "0.3.56" +version = "0.3.57" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c060b319f29dd25724f09a2ba1418f142f539b2be99fbf4d2d5a8f7330afb8eb" +checksum = "7b17e741662c70c8bd24ac5c5b18de314a2c26c32bf8346ee1e6f53de919c283" dependencies = [ "js-sys", "wasm-bindgen", diff --git a/src/cli.rs b/src/cli.rs index 400a596..26653e9 100644 --- a/src/cli.rs +++ b/src/cli.rs @@ -181,7 +181,7 @@ pub fn run_cli() -> Fido2LuksResult<()> { } else { None }; - let cred = make_credential_id(Some(name.as_ref()), pin)?; + let cred = make_credential_id(Some(name.as_ref()), pin, &[])?; println!("{}", hex::encode(&cred.id)); Ok(()) } 
@@ -332,7 +332,14 @@ pub fn run_cli() -> Fido2LuksResult<()> { generate_credential, .. } => { - let (existing_secret, _) = other_secret("Current password", false)?; + let (existing_secret, existing_credential) = + other_secret("Current password", false)?; + let excluded_credential = existing_credential.as_ref(); + let exclude_list = excluded_credential + .as_ref() + .map(core::slice::from_ref) + .unwrap_or_default(); + existing_credential.iter().for_each(|cred| log(&|| format!("using credential to unlock container: {}", hex::encode(&cred.id)))); let (new_secret, cred) = if *generate_credential && luks2 { let cred = make_credential_id( Some(derive_credential_name(luks.device.as_path()).as_str()), @@ -343,6 +350,7 @@ pub fn run_cli() -> Fido2LuksResult<()> { None }) .as_deref(), + dbg!(exclude_list), )?; log(&|| { format!( diff --git a/src/device.rs b/src/device.rs index 2a70bc2..8045fbd 100644 --- a/src/device.rs +++ b/src/device.rs @@ -2,6 +2,7 @@ use crate::error::*; use crate::util; use ctap_hid_fido2; +use ctap_hid_fido2::FidoKeyHidFactory; use ctap_hid_fido2::fidokey::get_assertion::get_assertion_params; use ctap_hid_fido2::fidokey::make_credential::make_credential_params; use ctap_hid_fido2::fidokey::GetAssertionArgsBuilder; @@ -9,7 +10,6 @@ use ctap_hid_fido2::fidokey::MakeCredentialArgsBuilder; use ctap_hid_fido2::get_fidokey_devices; use ctap_hid_fido2::public_key_credential_descriptor::PublicKeyCredentialDescriptor; use ctap_hid_fido2::public_key_credential_user_entity::PublicKeyCredentialUserEntity; -use ctap_hid_fido2::FidoKeyHid; use ctap_hid_fido2::HidInfo; use ctap_hid_fido2::LibCfg; use std::time::Duration; @@ -26,6 +26,7 @@ fn lib_cfg() -> LibCfg { pub fn make_credential_id( name: Option<&str>, pin: Option<&str>, + exclude: &[&PublicKeyCredentialDescriptor], ) -> Fido2LuksResult { let mut req = MakeCredentialArgsBuilder::new(RP_ID, &[]) .extensions(&[make_credential_params::Extension::HmacSecret(Some(true))]); 
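Review bot: The exclude-list construction in the `generate_credential` arm has no comment saying why the credential that just unlocked the container is excluded. The back-to-back `.as_ref()` calls also read like a slip, although the second one appears to be what yields the `&[&PublicKeyCredentialDescriptor]` that `make_credential_id` takes. A comment above `let excluded_credential` would settle both, e.g. `// Exclude the credential used to unlock so the new one is not created on an authenticator that already holds it; the second as_ref() gives Option<&&_> for slice::from_ref.` That wording is my reading of the intent and should be confirmed. The `existing_credential.iter().for_each(...)` line would read more plainly as `if let Some(cred) = &existing_credential { ... }`; the match arm itself starts and ends outside this hunk.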
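Review bot: `dbg!(exclude_list)` in the argument list of `make_credential_id` is a leftover debug macro. It writes the source location and the Debug form of every excluded credential descriptor to stderr on each run, bypassing the tool's own `log` gating. Pass the slice directly: `exclude_list,`. The credential id is already reported through `log` in the previous hunk, so no diagnostic is lost.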
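Review bot: The new `exclude` parameter on the public `make_credential_id` is undocumented, and the signature alone does not say what a caller sees when a connected authenticator already holds one of the listed credentials. A doc comment on the function should cover it, for example `/// exclude: credentials that must not already exist on the authenticator; pass &[] to skip the check.` It should also name the error returned when the exclusion matches, which is presumably the authenticator's credential-excluded status surfaced through the device loop further down; that should be confirmed against the library. The function body continues outside this hunk.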
@@ -34,6 +35,9 @@ pub fn make_credential_id( } else { req = req.without_pin_and_uv(); } + for cred in exclude { + req = req.exclude_authenticator(cred.id.as_ref()); + } if let Some(_) = name { req = req.rkparam(&PublicKeyCredentialUserEntity::new( Some(b"00"), @@ -45,7 +49,7 @@ pub fn make_credential_id( let mut err: Option = None; let req = req.build(); for dev in devices { - let handle = FidoKeyHid::new(&vec![dev.param], &lib_cfg()).unwrap(); + let handle = FidoKeyHidFactory::create_by_params(&vec![dev.param], &lib_cfg()).unwrap(); match handle.make_credential_with_args(&req) { Ok(resp) => return Ok(resp.credential_descriptor), Err(e) => err = Some(e.into()), @@ -100,7 +104,7 @@ pub fn perform_challenge<'a>( let mut err: Option = None; let req = req.build(); for dev in devices { - let handle = FidoKeyHid::new(&vec![dev.param], &lib_cfg()).unwrap(); + let handle = FidoKeyHidFactory::create_by_params(&vec![dev.param], &lib_cfg()).unwrap(); match handle.get_assertion_with_args(&req) { Ok(resp) => return process_response(resp), Err(e) => err = Some(e.into()), @@ -111,8 +115,8 @@ pub fn perform_challenge<'a>( pub fn may_require_pin() -> Fido2LuksResult { for dev in get_devices()? { - let dev = FidoKeyHid::new(&vec![dev.param], &lib_cfg()).unwrap(); - let info = dev.get_info()?; + let handle = FidoKeyHidFactory::create_by_params(&vec![dev.param], &lib_cfg()).unwrap(); + let info = handle.get_info()?; let needs_pin = info .options .iter()
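Review bot: `FidoKeyHidFactory::create_by_params(&vec![dev.param], &lib_cfg()).unwrap()` in the device loop of `make_credential_id` panics as soon as one device cannot be opened. That defeats the loop's own pattern of recording the failure in `err` and moving on to the next authenticator. The same call with `.unwrap()` is carried over in `perform_challenge` and `may_require_pin` in the two following hunks. In the two loops, match on the result and handle the failure with `Err(e) => { err = Some(e.into()); continue; }`, assuming the factory's error converts the same way as the one from `make_credential_with_args`. In `may_require_pin`, `?` fits because `get_info()?` is already used on the next line. All three functions extend beyond their hunks.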