shimun/fido2luks
1
0
Fork 0
Code Issues Pull Requests 3 Releases Wiki Activity

use develop version

Browse Source
This commit is contained in:
shimun
2022-04-04 10:57:57 +02:00
parent 4e986b8f05
commit 7daa5a3fdb
4 changed files with 56 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/cli.rs
View File

@@ -11,7 +11,6 @@ use std::io::Write;
use std::iter::FromIterator;
use std::path::Path;
use std::str::FromStr;
use std::thread;
use std::time::Duration;
use std::time::SystemTime;
use structopt::clap::Shell;

66
src/device.rs
View File

@@ -2,17 +2,16 @@ use crate::error::*;
use crate::util;
use ctap_hid_fido2;
use ctap_hid_fido2::HidParam;
use ctap_hid_fido2::get_assertion_params;
use ctap_hid_fido2::get_assertion_with_args;
use ctap_hid_fido2::fidokey::get_assertion::get_assertion_params;
use ctap_hid_fido2::fidokey::make_credential::make_credential_params;
use ctap_hid_fido2::fidokey::GetAssertionArgsBuilder;
use ctap_hid_fido2::fidokey::MakeCredentialArgsBuilder;
use ctap_hid_fido2::get_fidokey_devices;
use ctap_hid_fido2::get_info;
use ctap_hid_fido2::make_credential_params;
use ctap_hid_fido2::public_key_credential_descriptor::PublicKeyCredentialDescriptor;
use ctap_hid_fido2::public_key_credential_user_entity::PublicKeyCredentialUserEntity;
use ctap_hid_fido2::GetAssertionArgsBuilder;
use ctap_hid_fido2::FidoKeyHid;
use ctap_hid_fido2::HidInfo;
use ctap_hid_fido2::LibCfg;
use ctap_hid_fido2::MakeCredentialArgsBuilder;
use std::time::Duration;
const RP_ID: &str = "fido2luks";
@@ -42,14 +41,23 @@ pub fn make_credential_id(
name,
));
}
let resp = ctap_hid_fido2::make_credential_with_args(&lib_cfg(), &req.build())?;
Ok(resp.credential_descriptor)
let devices = get_devices()?;
let mut err: Option<Fido2LuksError> = None;
let req = req.build();
for dev in devices {
let handle = FidoKeyHid::new(&vec![dev.param], &lib_cfg()).unwrap();
match handle.make_credential_with_args(&req) {
Ok(resp) => return Ok(resp.credential_descriptor),
Err(e) => err = Some(e.into()),
}
}
Err(err.unwrap_or(Fido2LuksError::NoAuthenticatorError))
}
pub fn perform_challenge<'a>(
credentials: &'a [&'a PublicKeyCredentialDescriptor],
salt: &[u8; 32],
timeout: Duration,
_timeout: Duration,
pin: Option<&str>,
) -> Fido2LuksResult<([u8; 32], &'a PublicKeyCredentialDescriptor)> {
if credentials.is_empty() {
@@ -66,7 +74,7 @@ pub fn perform_challenge<'a>(
} else {
req = req.without_pin_and_uv();
}
let resp = get_assertion_with_args(&lib_cfg(), &req.build())?;
let process_response = |resp: Vec<get_assertion_params::Assertion>| -> Fido2LuksResult<([u8; 32], &'a PublicKeyCredentialDescriptor)> {
for att in resp {
for ext in att.extensions.iter() {
match ext {
@@ -84,20 +92,38 @@ pub fn perform_challenge<'a>(
_ => continue,
}
}
}
Err(Fido2LuksError::WrongSecret)
};
let devices = get_devices()?;
let mut err: Option<Fido2LuksError> = None;
let req = req.build();
for dev in devices {
let handle = FidoKeyHid::new(&vec![dev.param], &lib_cfg()).unwrap();
match handle.get_assertion_with_args(&req) {
Ok(resp) => return process_response(resp),
Err(e) => err = Some(e.into()),
}
}
//TODO: create fitting error
Err(Fido2LuksError::WrongSecret)
Err(err.unwrap_or(Fido2LuksError::NoAuthenticatorError))
}
pub fn may_require_pin() -> Fido2LuksResult<bool> {
let info = get_info(&lib_cfg())?;
let needs_pin = info
.options
.iter()
.any(|(name, val)| &name[..] == "clientPin" && *val);
Ok(needs_pin)
for dev in get_devices()? {
let dev = FidoKeyHid::new(&vec![dev.param], &lib_cfg()).unwrap();
let info = dev.get_info()?;
let needs_pin = info
.options
.iter()
.any(|(name, val)| &name[..] == "clientPin" && *val);
if needs_pin {
return Ok(true);
}
}
Ok(false)
}
pub fn get_devices() -> Fido2LuksResult<Vec<(String, HidParam)>> {
pub fn get_devices() -> Fido2LuksResult<Vec<HidInfo>> {
Ok(get_fidokey_devices())
}