added --allow-discards flag
This commit is contained in:
parent
4e7ef4b8b7
commit
f6c2bc4cdb
GPG Key ID:
E81D8382DC2F971B
4
Cargo.lock
generated
4
Cargo.lock
generated
@ -1,5 +1,7 @@
|
||||
# This file is automatically @generated by Cargo.
|
||||
# It is not intended for manual editing.
|
||||
version = 3
|
||||
|
||||
[[package]]
|
||||
name = "addr2line"
|
||||
version = "0.13.0"
|
||||
@ -404,7 +406,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "fido2luks"
|
||||
version = "0.3.0"
|
||||
version = "0.3.0-alpha"
|
||||
dependencies = [
|
||||
"ctap_hmac",
|
||||
"failure",
|
||||
|
||||
@ -433,6 +433,8 @@ pub fn run_cli() -> Fido2LuksResult<()> {
|
||||
credentials,
|
||||
retries,
|
||||
dry_run,
|
||||
allow_discards,
|
||||
..
|
||||
} => {
|
||||
let inputs = |q: &str, verify: bool| -> Fido2LuksResult<(Option<String>, [u8; 32])> {
|
||||
get_input(&secret, &authenticator, args.interactive, q, verify)
|
||||
@ -469,7 +471,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
|
||||
});
|
||||
secret(Cow::Borrowed(&credentials.0)).and_then(|(secret, cred)| {
|
||||
log(&|| format!("credential used: {}", hex::encode(&cred.id)));
|
||||
luks_dev.activate(&name, &secret, luks.slot, *dry_run)
|
||||
luks_dev.activate(&name, &secret, luks.slot, *dry_run, *allow_discards)
|
||||
})
|
||||
} else if luks2 && !luks.disable_token {
|
||||
luks_dev.activate_token(
|
||||
@ -487,6 +489,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
|
||||
}),
|
||||
luks.slot,
|
||||
*dry_run,
|
||||
*allow_discards,
|
||||
)
|
||||
} else if luks_dev.is_luks2()? && luks.disable_token {
|
||||
// disable-token is mostly cosmetic in this instance
|
||||
|
||||
@ -244,6 +244,9 @@ pub enum Command {
|
||||
/// Perform the whole procedure without mounting the LUKS volume on success
|
||||
#[structopt(long = "dry-run")]
|
||||
dry_run: bool,
|
||||
/// Pass SSD trim instructions to the underlying block device
|
||||
#[structopt(long = "allow-discards")]
|
||||
allow_discards: bool,
|
||||
},
|
||||
/// Generate a new FIDO credential
|
||||
#[structopt(name = "credential")]
|
||||
|
||||
19
src/luks.rs
19
src/luks.rs
@ -1,8 +1,8 @@
|
||||
use crate::error::*;
|
||||
|
||||
use libcryptsetup_rs::{
|
||||
CryptActivateFlags, CryptDevice, CryptInit, CryptTokenInfo, EncryptionFormat, KeyslotInfo,
|
||||
TokenInput,
|
||||
CryptActivateFlag, CryptActivateFlags, CryptDevice, CryptInit, CryptTokenInfo,
|
||||
EncryptionFormat, KeyslotInfo, TokenInput,
|
||||
};
|
||||
use std::collections::{HashMap, HashSet};
|
||||
use std::path::Path;
|
||||
@ -238,15 +238,15 @@ impl LuksDevice {
|
||||
secret: &[u8],
|
||||
slot_hint: Option<u32>,
|
||||
dry_run: bool,
|
||||
allow_discard: bool,
|
||||
) -> Fido2LuksResult<u32> {
|
||||
let mut flags = CryptActivateFlags::empty();
|
||||
if allow_discard {
|
||||
flags = CryptActivateFlags::new(vec![CryptActivateFlag::AllowDiscards]);
|
||||
}
|
||||
self.device
|
||||
.activate_handle()
|
||||
.activate_by_passphrase(
|
||||
Some(name).filter(|_| !dry_run),
|
||||
slot_hint,
|
||||
secret,
|
||||
CryptActivateFlags::empty(),
|
||||
)
|
||||
.activate_by_passphrase(Some(name).filter(|_| !dry_run), slot_hint, secret, flags)
|
||||
.map_err(LuksError::activate)
|
||||
}
|
||||
|
||||
@ -256,6 +256,7 @@ impl LuksDevice {
|
||||
secret: impl Fn(Vec<String>) -> Fido2LuksResult<([u8; 32], String)>,
|
||||
slot_hint: Option<u32>,
|
||||
dry_run: bool,
|
||||
allow_discard: bool,
|
||||
) -> Fido2LuksResult<u32> {
|
||||
if !self.is_luks2()? {
|
||||
return Err(LuksError::Luks2Required.into());
|
||||
@ -299,7 +300,7 @@ impl LuksDevice {
|
||||
.chain(std::iter::once(None).take(slots.is_empty() as usize)), // Try all slots as last resort
|
||||
);
|
||||
for slot in slots {
|
||||
match self.activate(name, &secret, slot, dry_run) {
|
||||
match self.activate(name, &secret, slot, dry_run, allow_discard) {
|
||||
Err(Fido2LuksError::WrongSecret) => (),
|
||||
res => return res,
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user