add option to specify keyslot

2020-04-29 18:55:25 +02:00 · 2020-04-29 18:55:25 +02:00 · fcdd2a2d3d
commit fcdd2a2d3d
parent c3d6425e2d
2 changed files with 6 additions and 3 deletions
--- a/src/cli.rs
+++ b/src/cli.rs
@ -76,6 +76,9 @@ pub struct AuthenticatorParameters {
 pub struct LuksParameters {
    #[structopt(env = "FIDO2LUKS_DEVICE")]
    device: PathBuf,
+
+    #[structopt(long = "slot", env = "FIDO2LUKS_DEVICE_SLOT")]
+    slot_hint: Option<u32>,
 }

 #[derive(Debug, StructOpt, Clone)]
@ -461,7 +464,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
                    &salt("Password", false)?,
                    authenticator.await_time,
                )
-                .and_then(|secret| luks::open_container(&luks.device, &name, &secret))
+                .and_then(|secret| luks::open_container(&luks.device, &name, &secret, luks.slot_hint))
                {
                    Err(e) => {
                        match e {
--- a/src/luks.rs
+++ b/src/luks.rs
@ -18,11 +18,11 @@ fn load_device_handle<P: AsRef<Path>>(path: P) -> Fido2LuksResult<CryptDevice> {
    Ok(device)
 }

-pub fn open_container<P: AsRef<Path>>(path: P, name: &str, secret: &[u8]) -> Fido2LuksResult<()> {
+pub fn open_container<P: AsRef<Path>>(path: P, name: &str, secret: &[u8], slot_hint: Option<u32>) -> Fido2LuksResult<()> {
    let mut device = load_device_handle(path)?;
    device
        .activate_handle()
-        .activate_by_passphrase(Some(name), None, secret, CryptActivateFlags::empty())
+        .activate_by_passphrase(Some(name), slot_hint, secret, CryptActivateFlags::empty())
        .map(|_slot| ())
        .map_err(|_e| Fido2LuksError::WrongSecret)
 }