shimun/fido2luks
1
0
Fork 0
Code Issues Pull Requests 3 Releases Wiki Activity

more operations
Some checks failed
continuous-integration/drone/pr Build is failing
Details

Browse Source
This commit is contained in:
shimun 2020-06-21 19:41:00 +02:00
parent ce43cf857d
commit e3bd32c985
Signed by: shimun
GPG Key ID: E81D8382DC2F971B
2 changed files with 79 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
src/cli.rs
View File

@ -312,7 +312,7 @@ pub enum TokenCommand {
credentials: Credentials,
/// Token from which the credentials will be removed
#[structopt(long = "token")]
token: Option<u32>,
token_id: Option<u32>,
},
/// Remove all unassigned tokens
GC {
@ -599,7 +599,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
if token.keyslots.is_empty() {
"None".into()
} else {
token.keyslots.join(",")
token.keyslots.iter().cloned().collect::<Vec<_>>().join(",")
},
token
.credential
@ -615,6 +615,67 @@ pub fn run_cli() -> Fido2LuksResult<()> {
}
Ok(())
}
TokenCommand::Add {
device,
credentials,
slot,
} => {
let mut dev = LuksDevice::load(device)?;
let mut tokens = Vec::new();
for token in dev.tokens()? {
let (id, token) = token?;
if token.keyslots.contains(&slot.to_string()) {
tokens.push((id, token));
}
}
if tokens.is_empty() {
unimplemented!("// TODO: create new token")
}
let count = tokens.len();
for (id, mut token) in tokens {
token
.credential
.extend(credentials.ids.0.iter().map(|h| h.to_string()));
dev.update_token(id, &token)?;
}
println!("Updated {} tokens", count);
Ok(())
}
TokenCommand::Remove {
device,
credentials,
token_id,
} => {
let mut dev = LuksDevice::load(device)?;
let mut tokens = Vec::new();
for token in dev.tokens()? {
let (id, token) = token?;
if let Some(token_id) = token_id {
if id == *token_id {
tokens.push((id, token));
}
} else {
tokens.push((id, token));
}
}
let count = tokens.len();
for (id, mut token) in tokens {
token.credential = token
.credential
.into_iter()
.filter(|cred| {
!credentials
.ids
.0
.iter()
.any(|h| &h.0[..] == cred.as_bytes())
})
.collect();
dev.update_token(id, &token)?;
}
println!("Updated {} tokens", count);
Ok(())
}
TokenCommand::GC { device } => {
let mut dev = LuksDevice::load(device)?;
let mut creds: HashSet<String> = HashSet::new();
@ -636,7 +697,6 @@ pub fn run_cli() -> Fido2LuksResult<()> {
);
Ok(())
}
_ => unimplemented!(),
},
}
}

22
src/luks.rs
View File

@ -94,6 +94,16 @@ impl LuksDevice {
Ok(())
}
pub fn update_token(&mut self, token: u32, data: &Fido2LuksToken) -> Fido2LuksResult<()> {
self.device
.token_handle()
.json_set(TokenInput::ReplaceToken(
token,
&serde_json::to_value(&data).unwrap(),
))?;
Ok(())
}
pub fn add_key(
&mut self,
secret: &[u8],
@ -259,15 +269,15 @@ impl LuksDevice {
pub struct Fido2LuksToken {
#[serde(rename = "type")]
pub type_: String,
pub credential: Vec<String>,
pub keyslots: Vec<String>,
pub credential: HashSet<String>,
pub keyslots: HashSet<String>,
}
impl Fido2LuksToken {
fn new(credential_id: impl AsRef<[u8]>, slot: u32) -> Self {
Self {
credential: vec![hex::encode(credential_id)],
keyslots: vec![slot.to_string()],
credential: vec![hex::encode(credential_id)].into_iter().collect(),
keyslots: vec![slot.to_string()].into_iter().collect(),
..Default::default()
}
}
@ -280,8 +290,8 @@ impl Default for Fido2LuksToken {
fn default() -> Self {
Self {
type_: Self::default_type().into(),
credential: Vec::new(),
keyslots: Vec::new(),
credential: HashSet::new(),
keyslots: HashSet::new(),
}
}
}