0.2.12

Cargo.lock

@@ -377,7 +377,7 @@ dependencies = [
 
 [[package]]
 name = "fido2luks"
-version = "0.2.11"
+version = "0.2.12"
 dependencies = [
  "ctap_hmac",
  "failure",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "fido2luks"
-version = "0.2.11"
+version = "0.2.12"
 authors = ["shimunn <shimun@shimun.net>"]
 edition = "2018"
 

src/cli.rs

@@ -7,7 +7,7 @@ use ctap::{FidoCredential, FidoErrorKind};
 use failure::_core::fmt::{Display, Error, Formatter};
 use failure::_core::str::FromStr;
 use failure::_core::time::Duration;
-use std::io::Write;
+use std::io::{Read, Write};
 use std::process::exit;
 use std::thread;
 
@@ -15,6 +15,7 @@ use crate::luks::{Fido2LuksToken, LuksDevice};
 use crate::util::sha256;
 use std::borrow::Cow;
 use std::collections::HashSet;
+use std::fs::File;
 use std::time::SystemTime;
 
 #[derive(Debug, Eq, PartialEq, Clone)]
@@ -77,6 +78,10 @@ pub struct AuthenticatorParameters {
     #[structopt(short = "P", long = "pin")]
     pub pin: bool,
 
+    /// Location to read PIN from
+    #[structopt(long = "pin-source", env = "FIDO2LUKS_PIN_SOURCE")]
+    pub pin_source: Option<PathBuf>,
+
     /// Await for an authenticator to be connected, timeout after n seconds
     #[structopt(
         long = "await-dev",
@@ -87,6 +92,18 @@ pub struct AuthenticatorParameters {
     pub await_time: u64,
 }
 
+impl AuthenticatorParameters {
+    fn read_pin(&self) -> Fido2LuksResult<String> {
+        if let Some(src) = self.pin_source.as_ref() {
+            let mut pin = String::new();
+            File::open(src)?.read_to_string(&mut pin)?;
+            Ok(pin)
+        } else {
+            util::read_password("Authenticator PIN", false)
+        }
+    }
+}
+
 #[derive(Debug, StructOpt)]
 pub struct LuksParameters {
     #[structopt(env = "FIDO2LUKS_DEVICE")]
@@ -165,10 +182,6 @@ fn derive_secret(
     Ok((sha256(&[salt, &unsalted[..]]), cred.clone()))
 }
 
-fn read_pin() -> Fido2LuksResult<String> {
-    util::read_password("Authenticator PIN", false)
-}
-
 #[derive(Debug, StructOpt)]
 pub struct Args {
     /// Request passwords via Stdin instead of using the password helper
@@ -345,7 +358,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
         } => {
             let pin_string;
             let pin = if authenticator.pin {
-                pin_string = read_pin()?;
+                pin_string = authenticator.read_pin()?;
                 Some(pin_string.as_ref())
             } else {
                 None
@@ -362,7 +375,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
         } => {
             let pin_string;
             let pin = if authenticator.pin {
-                pin_string = read_pin()?;
+                pin_string = authenticator.read_pin()?;
                 Some(pin_string.as_ref())
             } else {
                 None
@@ -406,7 +419,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
             ..
         } => {
             let pin = if authenticator.pin {
-                Some(read_pin()?)
+                Some(authenticator.read_pin()?)
             } else {
                 None
             };
@@ -522,7 +535,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
         } => {
             let pin_string;
             let pin = if authenticator.pin {
-                pin_string = read_pin()?;
+                pin_string = authenticator.read_pin()?;
                 Some(pin_string.as_ref())
             } else {
                 None

src/main.rs

@@ -21,10 +21,7 @@ mod util;
 fn main() -> Fido2LuksResult<()> {
     match run_cli() {
         Err(e) => {
-            #[cfg(debug_assertions)]
             eprintln!("{:?}", e);
-            #[cfg(not(debug_assertions))]
-            eprintln!("{}", e);
             exit(e.exit_code())
         }
         _ => exit(0),