ensure replace_key uses the same slot

2020-06-19 20:05:05 +02:00
parent 743edf668a
commit ddfd24a098


@@ -219,13 +219,19 @@ pub fn replace_key<P: AsRef<Path>>(
credential_id: Option<&[u8]>, credential_id: Option<&[u8]>,
) -> Fido2LuksResult<u32> { ) -> Fido2LuksResult<u32> {
let mut device = load_device_handle(path)?; let mut device = load_device_handle(path)?;
// Set iteration time not sure wether this applies to luks2 as well
if let Some(millis) = iteration_time { if let Some(millis) = iteration_time {
device.settings_handle().set_iteration_time(millis) device.settings_handle().set_iteration_time(millis)
} }
let slot = device // Use activate dry-run to locate keyslot
let slot = device.activate_handle().activate_by_passphrase(
None,
None,
old_secret,
CryptActivateFlags::empty(),
)?;
device
.keyslot_handle() .keyslot_handle()
.change_by_passphrase(None, None, old_secret, secret)? as u32; .change_by_passphrase(Some(slot), Some(slot), old_secret, secret)? as u32;
if let Some(id) = credential_id { if let Some(id) = credential_id {
if check_luks2(&mut device).is_ok() { if check_luks2(&mut device).is_ok() {
let token = find_token(&mut device, slot)?.map(|(t, _)| t); let token = find_token(&mut device, slot)?.map(|(t, _)| t);
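Review bot: Passing `Some(slot), Some(slot)` to `change_by_passphrase` makes the key change overwrite that keyslot in place, whereas the previous `None, None` call appears to let libcryptsetup write the new key to a free slot first when one exists. cryptsetup's luksChangeKey documentation warns that an in-place overwrite which fails partway (for example on a media error) can leave the old passphrase wiped without the new one stored, which on a single-keyslot volume means losing access. The trade-off looks intentional, presumably so the token found via `find_token(&mut device, slot)` stays bound to the same slot, but it should be stated above the call, e.g. `// Overwrites the keyslot in place so the token stays bound to it; a failed write can lose the slot, so keep a LUKS header backup`. The `as u32` on the now-discarded result is dead code and can be dropped, or the returned slot can be compared with `slot`. The body of `replace_key` starts before and continues after this hunk.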