From 84ffd1fb949bf76fda233cf5af6bc81915a15d21 Mon Sep 17 00:00:00 2001
From: shimunn <shimun@shimun.net>
Date: Fri, 20 Sep 2019 14:49:15 +0200
Subject: [PATCH] addkey exclusive

---
 Cargo.lock  | 23 ++++++++++++-----------
 Cargo.toml  |  6 ++++--
 src/cli.rs  | 10 +++++++++-
 src/main.rs |  2 +-
 4 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 5f7d599..c2126fb 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -32,8 +32,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 
 [[package]]
 name = "blkid-rs"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
+version = "0.1.1"
+source = "git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy#2f3e0e20a4619e09750e759c96286f32c2baa2fa"
 dependencies = [
  "byteorder 1.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "uuid 0.6.5 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -74,12 +74,12 @@ dependencies = [
 [[package]]
 name = "cryptsetup-rs"
 version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
+source = "git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy#2f3e0e20a4619e09750e759c96286f32c2baa2fa"
 dependencies = [
- "blkid-rs 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "blkid-rs 0.1.1 (git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy)",
  "errno 0.2.4 (registry+https://github.com/rust-lang/crates.io-index)",
  "libc 0.2.62 (registry+https://github.com/rust-lang/crates.io-index)",
- "libcryptsetup-sys 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "libcryptsetup-sys 0.1.1 (git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy)",
  "log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)",
  "uuid 0.6.5 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
@@ -152,11 +152,12 @@ dependencies = [
 name = "fido2luks"
 version = "0.1.0"
 dependencies = [
- "cryptsetup-rs 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "cryptsetup-rs 0.2.0 (git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy)",
  "ctap 0.1.0 (git+https://github.com/shimunn/ctap.git?branch=hmac_ext)",
  "envy 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "failure 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
  "hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
+ "libcryptsetup-sys 0.1.1 (git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy)",
  "rpassword 4.0.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "rust-crypto 0.2.36 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde 1.0.100 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -196,8 +197,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 
 [[package]]
 name = "libcryptsetup-sys"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
+version = "0.1.1"
+source = "git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy#2f3e0e20a4619e09750e759c96286f32c2baa2fa"
 dependencies = [
  "libc 0.2.62 (registry+https://github.com/rust-lang/crates.io-index)",
  "pkg-config 0.3.16 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -557,13 +558,13 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum backtrace 0.3.37 (registry+https://github.com/rust-lang/crates.io-index)" = "5180c5a20655b14a819b652fd2378fa5f1697b6c9ddad3e695c2f9cedf6df4e2"
 "checksum backtrace-sys 0.1.31 (registry+https://github.com/rust-lang/crates.io-index)" = "82a830b4ef2d1124a711c71d263c5abdc710ef8e907bd508c88be475cebc422b"
 "checksum bitflags 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "3d155346769a6855b86399e9bc3814ab343cd3d62c7e985113d46a0ec3c281fd"
-"checksum blkid-rs 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "9bc207ca2ccb5bdf3b3e43be52a4afa0eca780851fb80733d28bd3688bead5c6"
+"checksum blkid-rs 0.1.1 (git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy)" = "<none>"
 "checksum byteorder 1.3.2 (registry+https://github.com/rust-lang/crates.io-index)" = "a7c3dd8985a7111efc5c80b44e23ecdd8c007de8ade3b96595387e812b957cf5"
 "checksum cbor-codec 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)" = "e083a023562b37c52837e850131a51b1154cceb9d149f41ee3d386737b140f46"
 "checksum cc 1.0.45 (registry+https://github.com/rust-lang/crates.io-index)" = "4fc9a35e1f4290eb9e5fc54ba6cf40671ed2a2514c3eeb2b2a908dda2ea5a1be"
 "checksum cfg-if 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)" = "b486ce3ccf7ffd79fdeb678eac06a9e6c09fc88d33836340becb8fffe87c5e33"
 "checksum cloudabi 0.0.3 (registry+https://github.com/rust-lang/crates.io-index)" = "ddfc5b9aa5d4507acaf872de71051dfd0e309860e88966e1051e462a077aac4f"
-"checksum cryptsetup-rs 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "9da293bc97d0ccf0f53e440537dc2dd945eaa79642997685a1c0664062ef0a29"
+"checksum cryptsetup-rs 0.2.0 (git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy)" = "<none>"
 "checksum ctap 0.1.0 (git+https://github.com/shimunn/ctap.git?branch=hmac_ext)" = "<none>"
 "checksum envy 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "261b836bcf13f42a01c70351f56bd7b66db6e6fb58352bd214cb77e9269a34b4"
 "checksum errno 0.2.4 (registry+https://github.com/rust-lang/crates.io-index)" = "c2a071601ed01b988f896ab14b95e67335d1eeb50190932a1320f7fe3cadc84e"
@@ -576,7 +577,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 "checksum itoa 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)" = "501266b7edd0174f8530248f87f99c88fbe60ca4ef3dd486835b8d8d53136f7f"
 "checksum lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
 "checksum libc 0.2.62 (registry+https://github.com/rust-lang/crates.io-index)" = "34fcd2c08d2f832f376f4173a231990fa5aef4e99fb569867318a227ef4c06ba"
-"checksum libcryptsetup-sys 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "321aea95b53514a18b523f544cdb7bc785adec1f0a7e207df611677f9b934ddd"
+"checksum libcryptsetup-sys 0.1.1 (git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy)" = "<none>"
 "checksum log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)" = "14b6052be84e6b71ab17edffc2eeabf5c2c3ae1fdb464aae35ac50c67a44e1f7"
 "checksum num-derive 0.2.5 (registry+https://github.com/rust-lang/crates.io-index)" = "eafd0b45c5537c3ba526f79d3e75120036502bebacbb3f3220914067ce39dbf2"
 "checksum num-traits 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)" = "6ba9a427cfca2be13aa6f6403b0b7e7368fe982bfa16fccc450ce74c46cd9b32"
diff --git a/Cargo.toml b/Cargo.toml
index be44ea6..eee27c1 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -6,7 +6,10 @@ edition = "2018"
 
 [dependencies]
 ctap = { git = "https://github.com/shimunn/ctap.git", branch = "hmac_ext" }
-cryptsetup-rs = "0.2.0"
+#cryptsetup-rs = "0.2.0"
+cryptsetup-rs = { git = "https://github.com/shimunn/cryptsetup-rs.git", branch = "destroy" }
+libcryptsetup-sys = { git = "https://github.com/shimunn/cryptsetup-rs.git", branch = "destroy" }
+
 hex = "0.3.2"
 rust-crypto = "0.2.36"
 failure = "0.1.5"
@@ -16,7 +19,6 @@ serde_json = "1.0.40"
 rpassword = "4.0.1"
 envy = "0.4.0"
 
-
 [profile.release]
 lto = true
 opt-level = 'z'
diff --git a/src/cli.rs b/src/cli.rs
index e988d27..123e529 100644
--- a/src/cli.rs
+++ b/src/cli.rs
@@ -4,6 +4,7 @@ use crate::*;
 use cryptsetup_rs as luks;
 use cryptsetup_rs::api::{CryptDeviceHandle, CryptDeviceOpenBuilder, Luks1Params};
 use cryptsetup_rs::{Luks1CryptDevice, CryptDevice};
+use libcryptsetup_sys::crypt_keyslot_info;
 use ctap;
 use ctap::extensions::hmac::{FidoHmacCredential, HmacExtension};
 use ctap::FidoDevice;
@@ -78,7 +79,7 @@ pub fn setup() -> Fido2LuksResult<()> {
     Ok(())
 }
 
-pub fn add_key_to_luks(device: PathBuf, secret: &[u8; 32]) -> Fido2LuksResult<u8> {
+pub fn add_key_to_luks(device: PathBuf, secret: &[u8; 32], exclusive: bool) -> Fido2LuksResult<u8> {
     fn offer_format(
         _dev: CryptDeviceOpenBuilder,
     ) -> Fido2LuksResult<CryptDeviceHandle<Luks1Params>> {
@@ -114,6 +115,13 @@ pub fn add_key_to_luks(device: PathBuf, secret: &[u8; 32]) -> Fido2LuksResult<u8
     };
     handle.set_iteration_time(50);
     let slot = handle.add_keyslot(secret, prev_key.as_ref().map(|b| b.as_slice()), None)?;
+    if exclusive {
+        for old_slot in  0..8u8 {
+            if old_slot != slot &&  (handle.keyslot_status(old_slot.into()) == crypt_keyslot_info::CRYPT_SLOT_ACTIVE || handle.keyslot_status(old_slot.into()) == crypt_keyslot_info::CRYPT_SLOT_ACTIVE_LAST)  {
+                handle.destroy_keyslot(old_slot)?;
+            }
+        }
+    }
     Ok(slot)
 }
 
diff --git a/src/main.rs b/src/main.rs
index 97d66da..3efcf48 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -143,7 +143,7 @@ fn main() -> Fido2LuksResult<()> {
             conf.device = conf.device.or(Some(device.to_string()));
             let slot = add_key_to_luks(
                 conf.device.as_ref().unwrap().into(),
-                &secret_from_env_config(&conf)?,
+                &secret_from_env_config(&conf)?, true
             )?;
             println!("Added to key to device {}, slot: {}", device, slot);
             Ok(())