shimun/fido2luks
1
0
Fork 0
Code Issues Pull Requests 3 Releases Wiki Activity

fix: reintroduce connected command

Browse Source
This commit is contained in:
shimun 2022-03-29 15:58:16 +02:00
parent d5b043840f
commit ca82293976
Signed by: shimun
GPG Key ID: E81D8382DC2F971B
2 changed files with 20 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/cli.rs
View File

@ -519,14 +519,13 @@ pub fn run_cli() -> Fido2LuksResult<()> {
} }
} }
} }
Command::Connected => unimplemented!("Not supported by current backend"), Command::Connected => match get_devices() {
//Command::Connected => match get_devices() { Ok(ref devs) if !devs.is_empty() => {
// Ok(ref devs) if !devs.is_empty() => { println!("Found {} devices", devs.len());
// println!("Found {} devices", devs.len()); Ok(())
// Ok(()) }
// } _ => exit(1),
// _ => exit(1), },
//},
Command::Token(cmd) => match cmd { Command::Token(cmd) => match cmd {
TokenCommand::List { TokenCommand::List {
device, device,

23
src/device.rs
View File

@ -2,8 +2,10 @@ use crate::error::*;
use crate::util; use crate::util;
use ctap_hid_fido2; use ctap_hid_fido2;
use ctap_hid_fido2::HidParam;
use ctap_hid_fido2::get_assertion_params; use ctap_hid_fido2::get_assertion_params;
use ctap_hid_fido2::get_assertion_with_args; use ctap_hid_fido2::get_assertion_with_args;
use ctap_hid_fido2::get_fidokey_devices;
use ctap_hid_fido2::get_info; use ctap_hid_fido2::get_info;
use ctap_hid_fido2::make_credential_params; use ctap_hid_fido2::make_credential_params;
use ctap_hid_fido2::public_key_credential_descriptor::PublicKeyCredentialDescriptor; use ctap_hid_fido2::public_key_credential_descriptor::PublicKeyCredentialDescriptor;
@ -49,34 +51,31 @@ pub fn perform_challenge<'a>(
timeout: Duration, timeout: Duration,
pin: Option<&str>, pin: Option<&str>,
) -> Fido2LuksResult<([u8; 32], &'a PublicKeyCredentialDescriptor)> { ) -> Fido2LuksResult<([u8; 32], &'a PublicKeyCredentialDescriptor)> {
if credentials.is_empty() {
return Err(Fido2LuksError::InsufficientCredentials);
}
let mut req = GetAssertionArgsBuilder::new(RP_ID, &[]).extensions(&[ let mut req = GetAssertionArgsBuilder::new(RP_ID, &[]).extensions(&[
get_assertion_params::Extension::HmacSecret(Some(util::sha256(&[&salt[..]]))), get_assertion_params::Extension::HmacSecret(Some(util::sha256(&[&salt[..]]))),
]); ]);
for cred in credentials {
req = req.add_credential_id(&cred.id);
}
if let Some(pin) = pin { if let Some(pin) = pin {
req = req.pin(pin); req = req.pin(pin);
} else { } else {
req = req.without_pin_and_uv(); req = req.without_pin_and_uv();
} }
let resp = get_assertion_with_args(&lib_cfg(), &req.build())?; let resp = get_assertion_with_args(&lib_cfg(), &req.build())?;
fn dbg_hex<'a>(name: &str, vec: &'a Vec<u8>) -> &'a Vec<u8> {
dbg!((name, hex::encode(&vec)));
vec
}
let cred_used2 = credentials.iter().copied().find(|cred| {
resp.iter()
.any(|att| dbg_hex("att", &att.credential_id) == dbg_hex("cred", &cred.id))
});
for att in resp { for att in resp {
for ext in att.extensions.iter() { for ext in att.extensions.iter() {
match ext { match ext {
get_assertion_params::Extension::HmacSecret(Some(secret)) => { get_assertion_params::Extension::HmacSecret(Some(secret)) => {
dbg!(cred_used2);
//TODO: eliminate unwrap //TODO: eliminate unwrap
let cred_used = credentials let cred_used = credentials
.iter() .iter()
.copied() .copied()
.find(|cred| { .find(|cred| {
dbg_hex("att", &att.credential_id) == dbg_hex("cred", &cred.id) att.credential_id == cred.id
}) })
.unwrap(); .unwrap();
return Ok((secret.clone(), cred_used)); return Ok((secret.clone(), cred_used));
@ -97,3 +96,7 @@ pub fn may_require_pin() -> Fido2LuksResult<bool> {
.any(|(name, val)| &name[..] == "clientPin" && *val); .any(|(name, val)| &name[..] == "clientPin" && *val);
Ok(needs_pin) Ok(needs_pin)
} }
pub fn get_devices() -> Fido2LuksResult<Vec<(String, HidParam)>> {
Ok(get_fidokey_devices())
}