shimun/fido2luks
1
0
Fork 0
Code Issues Pull Requests 3 Releases Wiki Activity

added command credential
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
shimunn 2019-09-18 19:34:27 +02:00
parent d5d92e6c41
commit ce92db031c
Signed by: shimun
GPG Key ID: E81D8382DC2F971B
2 changed files with 109 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/device.rs
View File

@ -4,6 +4,26 @@ use ctap;
use ctap::extensions::hmac::{FidoHmacCredential, HmacExtension}; use ctap::extensions::hmac::{FidoHmacCredential, HmacExtension};
use ctap::{FidoDevice, FidoError, FidoErrorKind}; use ctap::{FidoDevice, FidoError, FidoErrorKind};
pub fn make_credential_id() -> Fido2LuksResult<FidoHmacCredential> {
let mut errs = Vec::new();
match get_devices()? {
ref devs if devs.is_empty() => Err(Fido2LuksError::NoAuthenticatorError)?,
devs => {
for mut dev in devs.into_iter() {
match dev.make_hmac_credential() {
Ok(cred) => {
return Ok(cred);
}
Err(e) => {
errs.push(e);
}
}
}
}
}
Err(errs.pop().ok_or(Fido2LuksError::NoAuthenticatorError)?)?
}
pub fn perform_challenge(credential_id: &str, salt: &[u8; 32]) -> Fido2LuksResult<[u8; 32]> { pub fn perform_challenge(credential_id: &str, salt: &[u8; 32]) -> Fido2LuksResult<[u8; 32]> {
let cred = FidoHmacCredential { let cred = FidoHmacCredential {
id: hex::decode(credential_id).unwrap(), id: hex::decode(credential_id).unwrap(),

96
src/main.rs
View File

@ -17,6 +17,7 @@ use luks::device::Error::CryptsetupError;
use std::collections::HashMap; use std::collections::HashMap;
use std::env; use std::env;
use std::convert::TryInto;
use std::io::{self, stdout, Write}; use std::io::{self, stdout, Write};
use std::path::PathBuf; use std::path::PathBuf;
use std::process::exit; use std::process::exit;
@ -82,6 +83,86 @@ fn open(conf: &Config, secret: &[u8; 32]) -> Fido2LuksResult<()> {
}*/ }*/
fn main() -> Fido2LuksResult<()> { fn main() -> Fido2LuksResult<()> {
let args: Vec<_> = env::args().skip(1).collect();
fn config_env() -> Fido2LuksResult<EnvConfig> {
Ok(envy::prefixed("FIDO2LUKS_").from_env::<EnvConfig>()?)
}
fn secret_from_env_config(conf: &EnvConfig) -> Fido2LuksResult<[u8; 32]> {
let conf = config_env()?;
let salt =
InputSalt::from(conf.salt.as_str()).obtain(&conf.password_helper.as_str().into())?;
Ok(assemble_secret(
&perform_challenge(&conf.credential_id, &salt)?,
&salt,
))
}
match &args.iter().map(|s| s.as_str()).collect::<Vec<_>>()[..] {
["print-secret"] => {
let conf = config_env()?;
io::stdout().write(hex::encode(&secret_from_env_config(&conf)?[..]).as_bytes())?;
Ok(io::stdout().flush()?)
}
["open"] => {
let mut conf = config_env()?;
open_container(
&conf
.device
.as_ref()
.expect("please specify FIDO2LUKS_DEVICE")
.into(),
&conf
.mapper_name
.as_ref()
.expect("please specify FIDO2LUKS_MAPPER_NAME"),
&secret_from_env_config(&conf)?,
)
}
["open", device, mapper_name] => {
let mut conf = config_env()?;
conf.mapper_name = Some(mapper_name.to_string());
conf.device = Some(device.to_string());
open_container(
&conf
.device
.as_ref()
.expect("please specify FIDO2LUKS_DEVICE")
.into(),
&conf
.mapper_name
.as_ref()
.expect("please specify FIDO2LUKS_MAPPER_NAME"),
&secret_from_env_config(&conf)?,
)
}
["credential"] => {
let cred = make_credential_id()?;
println!("{}", hex::encode(&cred.id));
Ok(())
}
["addkey", device] => {
let mut conf = config_env()?;
conf.device = conf.device.or(Some(device.to_string()));
let slot = add_key_to_luks(
conf.device.as_ref().unwrap().into(),
&secret_from_env_config(&conf)?,
)?;
println!("Added to key to device {}, slot: {}", device, slot);
Ok(())
}
_ => {
println!("Usage:\n
fido2luks open <device> [name]\n
fido2luks addkey <device>\n\n
Environment variables:\n
<FIDO2LUKS_CREDENTIAL_ID>\n
<FIDO2LUKS_SALT>\n
");
Ok(())
}
}
}
fn main_old() -> Fido2LuksResult<()> {
let args: Vec<_> = env::args().skip(1).collect(); //Ignore program name -> Vec let args: Vec<_> = env::args().skip(1).collect(); //Ignore program name -> Vec
let env = env::vars().collect::<HashMap<_, _>>(); let env = env::vars().collect::<HashMap<_, _>>();
let secret = |conf: &Config| -> Fido2LuksResult<[u8; 32]> { let secret = |conf: &Config| -> Fido2LuksResult<[u8; 32]> {
@ -105,18 +186,19 @@ fn main() -> Fido2LuksResult<()> {
} }
} else { } else {
match args.first().map(|s| s.as_ref()).unwrap() { match args.first().map(|s| s.as_ref()).unwrap() {
"addkey" => add_key_to_luks(&Config::load_default_location()?).map(|_| ()), //"addkey" => add_key_to_luks(&Config::load_default_location()?).map(|_| ()),
"setup" => setup(), "setup" => setup(),
"open" if args.get(1).map(|a| &*a == "-e").unwrap_or(false) => { "open" if args.get(1).map(|a| &*a == "-e").unwrap_or(false) => {
let conf = envy::prefixed("FIDO2LUKS_") let conf = envy::prefixed("FIDO2LUKS_")
.from_env::<EnvConfig>() .from_env::<EnvConfig>()
.expect("Missing env config values") .expect("Missing env config values")
.into(); .try_into()?;
open( open(&conf, &secret(&conf)?)
&conf, }
&secret(&conf)?) "open" => open(
}, &Config::load_default_location()?,
"open" => open(&Config::load_default_location()?, &secret(&Config::load_default_location()?)?), &secret(&Config::load_default_location()?)?,
),
"connected" => match authenticator_connected()? { "connected" => match authenticator_connected()? {
false => { false => {
println!("no"); println!("no");