shimun/fido2luks
1
0
Fork 0
Code Issues Pull Requests 3 Releases Wiki Activity

update to current api

Browse Source
This commit is contained in:
shimun 2020-05-05 23:19:11 +02:00
parent 0b19760175
commit f774580c9c
Signed by: shimun
GPG Key ID: E81D8382DC2F971B
2 changed files with 50 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Cargo.lock generated
View File

@ -473,7 +473,7 @@ checksum = "99e85c08494b21a9054e7fe1374a732aeadaff3980b6990b94bfd3a70f690005"
[[package]] [[package]]
name = "libcryptsetup-rs" name = "libcryptsetup-rs"
version = "0.3.0" version = "0.3.0"
source = "git+https://github.com/shimunn/libcryptsetup-rs.git?branch=luks2_token_set#3578c05e5d2e23bb19ff8cb0932a778061281844" source = "git+https://github.com/shimunn/libcryptsetup-rs.git?branch=luks2_token_set#e877155390f9f81cfc94c711fd99b956e1453dd6"
dependencies = [ dependencies = [
"either", "either",
"libc", "libc",
@ -487,7 +487,7 @@ dependencies = [
[[package]] [[package]]
name = "libcryptsetup-rs-sys" name = "libcryptsetup-rs-sys"
version = "0.1.2" version = "0.1.2"
source = "git+https://github.com/shimunn/libcryptsetup-rs.git?branch=luks2_token_set#3578c05e5d2e23bb19ff8cb0932a778061281844" source = "git+https://github.com/shimunn/libcryptsetup-rs.git?branch=luks2_token_set#e877155390f9f81cfc94c711fd99b956e1453dd6"
dependencies = [ dependencies = [
"bindgen", "bindgen",
"cc", "cc",

94
src/luks.rs
View File

@ -1,13 +1,11 @@
use crate::error::*; use crate::error::*;
use failure::{Fail, ResultExt};
use libcryptsetup_rs::{ use libcryptsetup_rs::{
size_t, CryptActivateFlags, CryptDevice, CryptInit, CryptLuks2Token, CryptTokenInfo, CryptActivateFlags, CryptDevice, CryptInit, CryptTokenInfo, EncryptionFormat, KeyslotInfo,
EncryptionFormat, KeyslotInfo, LibcryptErr, TokenInput,
}; };
use std::collections::{HashMap, HashSet}; use std::collections::{HashMap, HashSet};
use std::path::Path; use std::path::Path;
use std::result::Result;
fn load_device_handle<P: AsRef<Path>>(path: P) -> Fido2LuksResult<CryptDevice> { fn load_device_handle<P: AsRef<Path>>(path: P) -> Fido2LuksResult<CryptDevice> {
let mut device = CryptInit::init(path.as_ref())?; let mut device = CryptInit::init(path.as_ref())?;
@ -30,13 +28,12 @@ fn load_device_handle<P: AsRef<Path>>(path: P) -> Fido2LuksResult<CryptDevice> {
} }
fn check_luks2(device: &mut CryptDevice) -> Fido2LuksResult<()> { fn check_luks2(device: &mut CryptDevice) -> Fido2LuksResult<()> {
Ok(()) match device.format_handle().get_type()? {
/* match device.format_handle().get_type()? {
EncryptionFormat::Luks2 => Ok(()), EncryptionFormat::Luks2 => Ok(()),
_ => Err(Fido2LuksError::LuksError { _ => Err(Fido2LuksError::LuksError {
cause: LuksError::Luks2Required, cause: LuksError::Luks2Required,
}), }),
}*/ }
} }
#[derive(Debug, Clone, Serialize, Deserialize)] #[derive(Debug, Clone, Serialize, Deserialize)]
@ -69,24 +66,26 @@ pub fn open_container<P: AsRef<Path>>(path: P, name: &str, secret: &[u8]) -> Fid
pub fn open_container_token<P: AsRef<Path>>( pub fn open_container_token<P: AsRef<Path>>(
path: P, path: P,
name: &str, name: &str,
mut secret: Box<Fn(Vec<String>) -> Fido2LuksResult<([u8; 32], String)>>, secret: Box<dyn Fn(Vec<String>) -> Fido2LuksResult<([u8; 32], String)>>,
) -> Fido2LuksResult<()> { ) -> Fido2LuksResult<()> {
let mut device = load_device_handle(path)?; let mut device = load_device_handle(path)?;
check_luks2(&mut device)?; check_luks2(&mut device)?;
let mut creds = HashMap::new(); let mut creds = HashMap::new();
for i in 0..256 { for i in 0..256 {
let (status, type_) = device.token_handle().status(i)?; let status = device.token_handle().status(i)?;
if status == CryptTokenInfo::Inactive { match status {
break; CryptTokenInfo::Inactive => break,
} CryptTokenInfo::Internal(s)
if let Some(s) = type_ { | CryptTokenInfo::InternalUnknown(s)
if &s != "fido2luks" { | CryptTokenInfo::ExternalUnknown(s)
continue; | CryptTokenInfo::External(s)
} if &s != "fido2luks" =>
} else { {
continue; continue
} }
_ => (),
};
let json = device.token_handle().json_get(i)?; let json = device.token_handle().json_get(i)?;
let info: Fido2LuksToken = let info: Fido2LuksToken =
serde_json::from_value(json.clone()).map_err(|_| Fido2LuksError::LuksError { serde_json::from_value(json.clone()).map_err(|_| Fido2LuksError::LuksError {
@ -104,10 +103,14 @@ pub fn open_container_token<P: AsRef<Path>>(
.extend(slots()); .extend(slots());
} }
} }
let (secret, credential) = secret(dbg!(creds.keys().cloned().collect()))?; if creds.is_empty() {
return Err(Fido2LuksError::LuksError {
cause: LuksError::NoToken,
});
}
let (secret, credential) = secret(creds.keys().cloned().collect())?;
let slots = creds.get(&credential).unwrap(); let slots = creds.get(&credential).unwrap();
let mut slots = slots let slots = slots
.iter() .iter()
.cloned() .cloned()
.map(Option::Some) .map(Option::Some)
@ -146,10 +149,9 @@ pub fn add_key<P: AsRef<Path>>(
device.keyslot_handle(Some(slot)).destroy()?; device.keyslot_handle(Some(slot)).destroy()?;
return e.map(|_| 0u32); return e.map(|_| 0u32);
}*/ }*/
device.token_handle().json_set( device.token_handle().json_set(TokenInput::AddToken(
None, &serde_json::to_value(&Fido2LuksToken::new(id, slot)).unwrap(),
Some(&serde_json::to_value(&Fido2LuksToken::new(id, slot)).unwrap()), ))?;
)?;
} }
Ok(slot) Ok(slot)
@ -160,17 +162,19 @@ fn find_token(
slot: u32, slot: u32,
) -> Fido2LuksResult<Option<(u32, Fido2LuksToken)>> { ) -> Fido2LuksResult<Option<(u32, Fido2LuksToken)>> {
for i in 0..256 { for i in 0..256 {
let (status, type_) = device.token_handle().status(i)?; let status = device.token_handle().status(i)?;
if status == CryptTokenInfo::Inactive { match status {
break; CryptTokenInfo::Inactive => break,
} CryptTokenInfo::Internal(s)
if let Some(s) = type_ { | CryptTokenInfo::InternalUnknown(s)
if &s != "fido2luks" { | CryptTokenInfo::ExternalUnknown(s)
continue; | CryptTokenInfo::External(s)
} if &s != "fido2luks" =>
} else { {
continue; continue
} }
_ => (),
};
let json = device.token_handle().json_get(i)?; let json = device.token_handle().json_get(i)?;
let info: Fido2LuksToken = let info: Fido2LuksToken =
serde_json::from_value(json.clone()).map_err(|_| Fido2LuksError::LuksError { serde_json::from_value(json.clone()).map_err(|_| Fido2LuksError::LuksError {
@ -183,14 +187,6 @@ fn find_token(
Ok(None) Ok(None)
} }
fn remove_token(device: &mut CryptDevice, slot: u32) -> Fido2LuksResult<()> {
if let Some((token, _)) = find_token(device, slot)? {
// remove API??
device.token_handle().json_set(Some(token), None)?;
}
Ok(())
}
pub fn remove_keyslots<P: AsRef<Path>>(path: P, exclude: &[u32]) -> Fido2LuksResult<u32> { pub fn remove_keyslots<P: AsRef<Path>>(path: P, exclude: &[u32]) -> Fido2LuksResult<u32> {
let mut device = load_device_handle(path)?; let mut device = load_device_handle(path)?;
let mut destroyed = 0; let mut destroyed = 0;
@ -215,7 +211,9 @@ pub fn remove_keyslots<P: AsRef<Path>>(path: P, exclude: &[u32]) -> Fido2LuksRes
} }
} }
for token in tokens.iter() { for token in tokens.iter() {
device.token_handle().json_set(Some(*token), None)?; device
.token_handle()
.json_set(TokenInput::RemoveToken(*token))?;
} }
Ok(destroyed) Ok(destroyed)
} }
@ -238,10 +236,12 @@ pub fn replace_key<P: AsRef<Path>>(
if let Some(id) = credential_id { if let Some(id) = credential_id {
if check_luks2(&mut device).is_ok() { if check_luks2(&mut device).is_ok() {
let token = find_token(&mut device, slot)?.map(|(t, _)| t); let token = find_token(&mut device, slot)?.map(|(t, _)| t);
device.token_handle().json_set( if let Some(token) = token {
device.token_handle().json_set(TokenInput::ReplaceToken(
token, token,
Some(&serde_json::to_value(&Fido2LuksToken::new(id, slot)).unwrap()), &serde_json::to_value(&Fido2LuksToken::new(id, slot)).unwrap(),
)?; ))?;
}
} }
} }
Ok(slot) Ok(slot)