addkey exclusive
parent
8a9cf9019d
commit
84ffd1fb94
23
Cargo.lock
generated
23
Cargo.lock
generated
@ -32,8 +32,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
|
||||
[[package]]
|
||||
name = "blkid-rs"
|
||||
version = "0.2.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
version = "0.1.1"
|
||||
source = "git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy#2f3e0e20a4619e09750e759c96286f32c2baa2fa"
|
||||
dependencies = [
|
||||
"byteorder 1.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"uuid 0.6.5 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
@ -74,12 +74,12 @@ dependencies = [
|
||||
[[package]]
|
||||
name = "cryptsetup-rs"
|
||||
version = "0.2.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
source = "git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy#2f3e0e20a4619e09750e759c96286f32c2baa2fa"
|
||||
dependencies = [
|
||||
"blkid-rs 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"blkid-rs 0.1.1 (git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy)",
|
||||
"errno 0.2.4 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"libc 0.2.62 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"libcryptsetup-sys 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"libcryptsetup-sys 0.1.1 (git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy)",
|
||||
"log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"uuid 0.6.5 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
]
|
||||
@ -152,11 +152,12 @@ dependencies = [
|
||||
name = "fido2luks"
|
||||
version = "0.1.0"
|
||||
dependencies = [
|
||||
"cryptsetup-rs 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"cryptsetup-rs 0.2.0 (git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy)",
|
||||
"ctap 0.1.0 (git+https://github.com/shimunn/ctap.git?branch=hmac_ext)",
|
||||
"envy 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"failure 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"hex 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"libcryptsetup-sys 0.1.1 (git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy)",
|
||||
"rpassword 4.0.1 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"rust-crypto 0.2.36 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"serde 1.0.100 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
@ -196,8 +197,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
|
||||
[[package]]
|
||||
name = "libcryptsetup-sys"
|
||||
version = "0.2.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
version = "0.1.1"
|
||||
source = "git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy#2f3e0e20a4619e09750e759c96286f32c2baa2fa"
|
||||
dependencies = [
|
||||
"libc 0.2.62 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
"pkg-config 0.3.16 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||
@ -557,13 +558,13 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
"checksum backtrace 0.3.37 (registry+https://github.com/rust-lang/crates.io-index)" = "5180c5a20655b14a819b652fd2378fa5f1697b6c9ddad3e695c2f9cedf6df4e2"
|
||||
"checksum backtrace-sys 0.1.31 (registry+https://github.com/rust-lang/crates.io-index)" = "82a830b4ef2d1124a711c71d263c5abdc710ef8e907bd508c88be475cebc422b"
|
||||
"checksum bitflags 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "3d155346769a6855b86399e9bc3814ab343cd3d62c7e985113d46a0ec3c281fd"
|
||||
"checksum blkid-rs 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "9bc207ca2ccb5bdf3b3e43be52a4afa0eca780851fb80733d28bd3688bead5c6"
|
||||
"checksum blkid-rs 0.1.1 (git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy)" = "<none>"
|
||||
"checksum byteorder 1.3.2 (registry+https://github.com/rust-lang/crates.io-index)" = "a7c3dd8985a7111efc5c80b44e23ecdd8c007de8ade3b96595387e812b957cf5"
|
||||
"checksum cbor-codec 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)" = "e083a023562b37c52837e850131a51b1154cceb9d149f41ee3d386737b140f46"
|
||||
"checksum cc 1.0.45 (registry+https://github.com/rust-lang/crates.io-index)" = "4fc9a35e1f4290eb9e5fc54ba6cf40671ed2a2514c3eeb2b2a908dda2ea5a1be"
|
||||
"checksum cfg-if 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)" = "b486ce3ccf7ffd79fdeb678eac06a9e6c09fc88d33836340becb8fffe87c5e33"
|
||||
"checksum cloudabi 0.0.3 (registry+https://github.com/rust-lang/crates.io-index)" = "ddfc5b9aa5d4507acaf872de71051dfd0e309860e88966e1051e462a077aac4f"
|
||||
"checksum cryptsetup-rs 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "9da293bc97d0ccf0f53e440537dc2dd945eaa79642997685a1c0664062ef0a29"
|
||||
"checksum cryptsetup-rs 0.2.0 (git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy)" = "<none>"
|
||||
"checksum ctap 0.1.0 (git+https://github.com/shimunn/ctap.git?branch=hmac_ext)" = "<none>"
|
||||
"checksum envy 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "261b836bcf13f42a01c70351f56bd7b66db6e6fb58352bd214cb77e9269a34b4"
|
||||
"checksum errno 0.2.4 (registry+https://github.com/rust-lang/crates.io-index)" = "c2a071601ed01b988f896ab14b95e67335d1eeb50190932a1320f7fe3cadc84e"
|
||||
@ -576,7 +577,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
"checksum itoa 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)" = "501266b7edd0174f8530248f87f99c88fbe60ca4ef3dd486835b8d8d53136f7f"
|
||||
"checksum lazy_static 1.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
|
||||
"checksum libc 0.2.62 (registry+https://github.com/rust-lang/crates.io-index)" = "34fcd2c08d2f832f376f4173a231990fa5aef4e99fb569867318a227ef4c06ba"
|
||||
"checksum libcryptsetup-sys 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "321aea95b53514a18b523f544cdb7bc785adec1f0a7e207df611677f9b934ddd"
|
||||
"checksum libcryptsetup-sys 0.1.1 (git+https://github.com/shimunn/cryptsetup-rs.git?branch=destroy)" = "<none>"
|
||||
"checksum log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)" = "14b6052be84e6b71ab17edffc2eeabf5c2c3ae1fdb464aae35ac50c67a44e1f7"
|
||||
"checksum num-derive 0.2.5 (registry+https://github.com/rust-lang/crates.io-index)" = "eafd0b45c5537c3ba526f79d3e75120036502bebacbb3f3220914067ce39dbf2"
|
||||
"checksum num-traits 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)" = "6ba9a427cfca2be13aa6f6403b0b7e7368fe982bfa16fccc450ce74c46cd9b32"
|
||||
|
@ -6,7 +6,10 @@ edition = "2018"
|
||||
|
||||
[dependencies]
|
||||
ctap = { git = "https://github.com/shimunn/ctap.git", branch = "hmac_ext" }
|
||||
cryptsetup-rs = "0.2.0"
|
||||
#cryptsetup-rs = "0.2.0"
|
||||
cryptsetup-rs = { git = "https://github.com/shimunn/cryptsetup-rs.git", branch = "destroy" }
|
||||
libcryptsetup-sys = { git = "https://github.com/shimunn/cryptsetup-rs.git", branch = "destroy" }
|
||||
|
||||
hex = "0.3.2"
|
||||
rust-crypto = "0.2.36"
|
||||
failure = "0.1.5"
|
||||
@ -16,7 +19,6 @@ serde_json = "1.0.40"
|
||||
rpassword = "4.0.1"
|
||||
envy = "0.4.0"
|
||||
|
||||
|
||||
[profile.release]
|
||||
lto = true
|
||||
opt-level = 'z'
|
||||
|
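Review bot: The new `cryptsetup-rs` and `libcryptsetup-sys` entries track the mutable branch `destroy` of a fork, so a `cargo update` or any build without `--locked` pulls whatever that branch head is at the time. This is the crate that now performs keyslot destruction, and Cargo.lock records git sources with checksum `<none>`. Pin the manifest to the commit the lockfile already resolved, e.g. `cryptsetup-rs = { git = "https://github.com/shimunn/cryptsetup-rs.git", rev = "2f3e0e20a4619e09750e759c96286f32c2baa2fa" }`, and do the same for `libcryptsetup-sys`. The commented-out `#cryptsetup-rs = "0.2.0"` line would be better replaced by a comment saying why the fork is needed and when to return to the registry release.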
10
src/cli.rs
10
src/cli.rs
@ -4,6 +4,7 @@ use crate::*;
|
||||
use cryptsetup_rs as luks;
|
||||
use cryptsetup_rs::api::{CryptDeviceHandle, CryptDeviceOpenBuilder, Luks1Params};
|
||||
use cryptsetup_rs::{Luks1CryptDevice, CryptDevice};
|
||||
use libcryptsetup_sys::crypt_keyslot_info;
|
||||
use ctap;
|
||||
use ctap::extensions::hmac::{FidoHmacCredential, HmacExtension};
|
||||
use ctap::FidoDevice;
|
||||
@ -78,7 +79,7 @@ pub fn setup() -> Fido2LuksResult<()> {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
pub fn add_key_to_luks(device: PathBuf, secret: &[u8; 32]) -> Fido2LuksResult<u8> {
|
||||
pub fn add_key_to_luks(device: PathBuf, secret: &[u8; 32], exclusive: bool) -> Fido2LuksResult<u8> {
|
||||
fn offer_format(
|
||||
_dev: CryptDeviceOpenBuilder,
|
||||
) -> Fido2LuksResult<CryptDeviceHandle<Luks1Params>> {
|
||||
@ -114,6 +115,13 @@ pub fn add_key_to_luks(device: PathBuf, secret: &[u8; 32]) -> Fido2LuksResult<u8
|
||||
};
|
||||
handle.set_iteration_time(50);
|
||||
let slot = handle.add_keyslot(secret, prev_key.as_ref().map(|b| b.as_slice()), None)?;
|
||||
if exclusive {
|
||||
for old_slot in 0..8u8 {
|
||||
if old_slot != slot && (handle.keyslot_status(old_slot.into()) == crypt_keyslot_info::CRYPT_SLOT_ACTIVE || handle.keyslot_status(old_slot.into()) == crypt_keyslot_info::CRYPT_SLOT_ACTIVE_LAST) {
|
||||
handle.destroy_keyslot(old_slot)?;
|
||||
}
|
||||
}
|
||||
}
|
||||
Ok(slot)
|
||||
}
|
||||
|
||||
|
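Review bot: The `if exclusive` loop destroys every other active keyslot as soon as `add_keyslot` returns, without first confirming that the new slot can actually unlock the volume; if the token-derived secret cannot be reproduced later, the device is left with no usable key. Verify the new key against the device before the loop and only then remove the old slots. Because `destroy_keyslot(old_slot)?` returns on the first error, a failure part-way through leaves some slots removed and the caller never receives the new slot number, so each destroyed slot should at least be logged. The status is also queried twice per slot; `let status = handle.keyslot_status(old_slot.into());` followed by a single comparison against the two active variants reads better. The body of `add_key_to_luks` between the two hunks is not shown, so how `prev_key` is obtained was not reviewed.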
@ -143,7 +143,7 @@ fn main() -> Fido2LuksResult<()> {
|
||||
conf.device = conf.device.or(Some(device.to_string()));
|
||||
let slot = add_key_to_luks(
|
||||
conf.device.as_ref().unwrap().into(),
|
||||
&secret_from_env_config(&conf)?,
|
||||
&secret_from_env_config(&conf)?, true
|
||||
)?;
|
||||
println!("Added to key to device {}, slot: {}", device, slot);
|
||||
Ok(())
|
||||
|
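Review bot: The call now passes a literal `true` for `exclusive`, so every add-key run removes all other active keyslots on the device, including any recovery passphrase, with no option or confirmation. Since the removal is irreversible, the value should come from an explicit opt-in (a command-line flag or configuration entry that defaults to false). The success message printed afterwards should also state that the other slots were destroyed. `main` starts before this hunk, so how this branch is selected is not visible here.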