shimun/fido2luks
1
0
Fork 0
Code Issues Pull Requests 3 Releases Wiki Activity

refractor
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
shimunn 2019-09-17 14:49:57 +02:00
parent 243a9d1167
commit b9f3f793a7
Signed by: shimun
GPG Key ID: E81D8382DC2F971B
3 changed files with 30 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/cli.rs
View File

@ -9,7 +9,7 @@ use ctap::extensions::hmac::{FidoHmacCredential, HmacExtension};
use ctap::FidoDevice; use ctap::FidoDevice;
use std::fs::File; use std::fs::File;
use std::io::{self, Read, Seek, Write}; use std::io::Write;
use std::path::Path; use std::path::Path;
pub fn setup() -> Fido2LuksResult<()> { pub fn setup() -> Fido2LuksResult<()> {

25
src/device.rs Normal file
View File

@ -0,0 +1,25 @@
use crate::error::*;
use ctap;
use ctap::extensions::hmac::{FidoHmacCredential, HmacExtension};
use ctap::FidoDevice;
pub fn perform_challenge(credential_id: &str, salt: &[u8; 32]) -> Fido2LuksResult<[u8; 32]> {
let cred = FidoHmacCredential {
id: hex::decode(credential_id).unwrap(),
rp_id: "hmac".to_string(),
};
let mut errs = Vec::new();
for di in ctap::get_devices()? {
let mut dev = FidoDevice::new(&di)?;
match dev.hmac_challange(&cred, &salt[..]) {
Ok(secret) => {
return Ok(secret);
}
Err(e) => {
errs.push(e);
}
}
}
Err(errs.pop().ok_or(Fido2LuksError::NoAuthenticatorError)?)?
}

27
src/main.rs
View File

@ -4,6 +4,7 @@ extern crate failure;
extern crate serde_derive; extern crate serde_derive;
use crate::cli::*; use crate::cli::*;
use crate::config::*; use crate::config::*;
use crate::device::*;
use crate::error::*; use crate::error::*;
use crypto::digest::Digest; use crypto::digest::Digest;
use crypto::sha2::Sha256; use crypto::sha2::Sha256;
@ -11,18 +12,18 @@ use cryptsetup_rs as luks;
use cryptsetup_rs::Luks1CryptDevice; use cryptsetup_rs::Luks1CryptDevice;
use ctap; use ctap;
use ctap::extensions::hmac::{FidoHmacCredential, HmacExtension};
use ctap::FidoDevice;
use luks::device::Error::CryptsetupError; use luks::device::Error::CryptsetupError;
use std::collections::HashMap; use std::collections::HashMap;
use std::env; use std::env;
use std::io::{self, Read, Seek, Write}; use std::io::{self, Write};
use std::path::PathBuf; use std::path::PathBuf;
mod cli; mod cli;
mod config; mod config;
mod device;
mod error; mod error;
mod keystore; mod keystore;
@ -32,26 +33,6 @@ fn open_container(device: &PathBuf, name: &str, secret: &[u8; 32]) -> Fido2LuksR
Ok(()) Ok(())
} }
fn perform_challenge(credential_id: &str, salt: &[u8; 32]) -> Fido2LuksResult<[u8; 32]> {
let cred = FidoHmacCredential {
id: hex::decode(credential_id).unwrap(),
rp_id: "hmac".to_string(),
};
let mut errs = Vec::new();
for di in ctap::get_devices()? {
let mut dev = FidoDevice::new(&di)?;
match dev.hmac_challange(&cred, &salt[..]) {
Ok(secret) => {
return Ok(secret);
}
Err(e) => {
errs.push(e);
}
}
}
Err(errs.pop().ok_or(Fido2LuksError::NoAuthenticatorError)?)?
}
fn assemble_secret(hmac_result: &[u8], salt: &[u8]) -> [u8; 32] { fn assemble_secret(hmac_result: &[u8], salt: &[u8]) -> [u8; 32] {
let mut digest = Sha256::new(); let mut digest = Sha256::new();
digest.input(salt); digest.input(salt);