reduced redundant code

shimun 2020-05-05 23:53:50 +02:00
parent 69732a1ad6
commit a26b79bcd6
Signed by: shimun
GPG Key ID: E81D8382DC2F971B


@ -329,77 +329,18 @@ pub fn run_cli() -> Fido2LuksResult<()> {
authenticator, authenticator,
credentials, credentials,
secret, secret,
exclusive,
existing_secret,
luks_mod, luks_mod,
} => { existing_secret: other_secret,
let pin = if authenticator.pin { ..
Some(read_pin()?)
} else {
None
};
let salt = |q: &str, verify: bool| -> Fido2LuksResult<[u8; 32]> {
if interactive || secret.password_helper == PasswordHelper::Stdin {
util::read_password_hashed(q, verify)
} else {
secret.salt.obtain(&secret.password_helper)
}
};
let old_secret = match existing_secret {
OtherSecret {
keyfile: Some(file),
..
} => util::read_keyfile(file)?,
OtherSecret {
fido_device: true, ..
} => derive_secret(
&credentials.ids.0,
&salt("Existing password", false)?,
authenticator.await_time,
pin.as_deref(),
)?[..]
.to_vec(),
_ => util::read_password("Existing password", false)?
.as_bytes()
.to_vec(),
};
let secret = derive_secret(
&credentials.ids.0,
&salt("Password", false)?,
authenticator.await_time,
pin.as_deref(),
)?;
let added_slot = luks::add_key(
&luks.device,
&secret,
&old_secret[..],
luks_mod.kdf_time.or(Some(10)),
)?;
if *exclusive {
let destroyed = luks::remove_keyslots(&luks.device, &[added_slot])?;
println!(
"Added to key to device {}, slot: {}\nRemoved {} old keys",
luks.device.display(),
added_slot,
destroyed
);
} else {
println!(
"Added to key to device {}, slot: {}",
luks.device.display(),
added_slot
);
}
Ok(())
} }
Command::ReplaceKey { | Command::ReplaceKey {
luks, luks,
authenticator, authenticator,
credentials, credentials,
secret, secret,
add_password,
replacement,
luks_mod, luks_mod,
replacement: other_secret,
..
} => { } => {
let pin = if authenticator.pin { let pin = if authenticator.pin {
Some(read_pin()?) Some(read_pin()?)
@ -413,51 +354,87 @@ pub fn run_cli() -> Fido2LuksResult<()> {
secret.salt.obtain(&secret.password_helper) secret.salt.obtain(&secret.password_helper)
} }
}; };
let replacement_secret = match replacement { let other_secret = |salt_q: &str, verify: bool| -> Fido2LuksResult<Vec<u8>> {
OtherSecret { match other_secret {
keyfile: Some(file), OtherSecret {
.. keyfile: Some(file),
} => util::read_keyfile(file)?, ..
OtherSecret { } => util::read_keyfile(file),
fido_device: true, .. OtherSecret {
} => derive_secret( fido_device: true, ..
} => Ok(derive_secret(
&credentials.ids.0,
&salt(salt_q, verify)?,
authenticator.await_time,
pin.as_deref(),
)?[..]
.to_vec()),
_ => Ok(util::read_password(salt_q, verify)?.as_bytes().to_vec()),
}
};
let secret = |verify: bool| -> Fido2LuksResult<[u8; 32]> {
derive_secret(
&credentials.ids.0, &credentials.ids.0,
&salt("Replacement password", true)?, &salt("Password", verify)?,
authenticator.await_time, authenticator.await_time,
pin.as_deref(), pin.as_deref(),
)?[..] )
.to_vec(),
_ => util::read_password("Replacement password", true)?
.as_bytes()
.to_vec(),
}; };
let existing_secret = derive_secret( // Non overlap
&credentials.ids.0, match &args.command {
&salt("Password", false)?, Command::AddKey { exclusive, .. } => {
authenticator.await_time, let existing_secret = other_secret("Current password", false)?;
pin.as_deref(), let new_secret = secret(true)?;
)?; let added_slot = luks::add_key(
let slot = if *add_password { &luks.device,
luks::add_key( &new_secret,
&luks.device, &existing_secret[..],
&replacement_secret[..], luks_mod.kdf_time.or(Some(10)),
&existing_secret, )?;
luks_mod.kdf_time, if *exclusive {
) let destroyed = luks::remove_keyslots(&luks.device, &[added_slot])?;
} else { println!(
luks::replace_key( "Added to key to device {}, slot: {}\nRemoved {} old keys",
&luks.device, luks.device.display(),
&replacement_secret[..], added_slot,
&existing_secret, destroyed
luks_mod.kdf_time, );
) } else {
}?; println!(
println!( "Added to key to device {}, slot: {}",
"Added to password to device {}, slot: {}", luks.device.display(),
luks.device.display(), added_slot
slot );
); }
Ok(()) Ok(())
}
Command::ReplaceKey { add_password, .. } => {
let existing_secret = secret(false)?;
let replacement_secret = other_secret("Replacement password", true)?;
let slot = if *add_password {
luks::add_key(
&luks.device,
&replacement_secret[..],
&existing_secret,
luks_mod.kdf_time,
)
} else {
luks::replace_key(
&luks.device,
&replacement_secret[..],
&existing_secret,
luks_mod.kdf_time,
)
}?;
println!(
"Added to password to device {}, slot: {}",
luks.device.display(),
slot
);
Ok(())
}
_ => unreachable!(),
}
} }
Command::Open { Command::Open {
luks, luks,
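Review bot: In the new `Command::ReplaceKey` branch the secrets are read in the opposite order from the removed code: `secret(false)` (prompt "Password") now runs before `other_secret("Replacement password", true)`, whereas the replacement was obtained first before. The new `Command::AddKey` branch also requests the new secret with `secret(true)` where the removed code called `salt("Password", false)`, and its existing-secret prompt changes from "Existing password" to "Current password". If the shared `salt` closure reads stdin under `PasswordHelper::Stdin`, as the removed AddKey copy did, piped callers would presumably supply the values in the old order or without a confirmation line, so the key operation would fail or use the inputs in the wrong roles. For a commit described as reducing redundancy I would keep the old sequence, `let replacement_secret = other_secret("Replacement password", true)?;` followed by `let existing_secret = secret(false)?;`, or state the new read order and the verify change in the commit message. The body of `run_cli` starts and ends outside these hunks, so how callers feed these prompts is not visible here.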