Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
e42f962368
|
3
.gitignore
vendored
3
.gitignore
vendored
@@ -2,9 +2,8 @@
|
||||
**/*.rs.bk
|
||||
.idea/
|
||||
*.iml
|
||||
result
|
||||
fido2luks.bash
|
||||
fido2luks.elv
|
||||
fido2luks.fish
|
||||
fido2luks.zsh
|
||||
result
|
||||
result-*
|
||||
|
||||
2
Cargo.lock
generated
2
Cargo.lock
generated
@@ -377,7 +377,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "fido2luks"
|
||||
version = "0.2.16"
|
||||
version = "0.2.15"
|
||||
dependencies = [
|
||||
"ctap_hmac",
|
||||
"failure",
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "fido2luks"
|
||||
version = "0.2.16"
|
||||
version = "0.2.15"
|
||||
authors = ["shimunn <shimun@shimun.net>"]
|
||||
edition = "2018"
|
||||
|
||||
|
||||
34
src/cli.rs
34
src/cli.rs
@@ -71,12 +71,6 @@ pub fn parse_cmdline() -> Args {
|
||||
Args::from_args()
|
||||
}
|
||||
|
||||
pub fn prompt_interaction(interactive: bool) {
|
||||
if interactive {
|
||||
println!("Authorize using your FIDO device");
|
||||
}
|
||||
}
|
||||
|
||||
pub fn run_cli() -> Fido2LuksResult<()> {
|
||||
let mut stdout = io::stdout();
|
||||
let args = parse_cmdline();
|
||||
@@ -115,7 +109,6 @@ pub fn run_cli() -> Fido2LuksResult<()> {
|
||||
} else {
|
||||
secret.salt.obtain_sha256(&secret.password_helper)
|
||||
}?;
|
||||
prompt_interaction(interactive);
|
||||
let (secret, _cred) = derive_secret(
|
||||
credentials.ids.0.as_slice(),
|
||||
&salt,
|
||||
@@ -171,27 +164,23 @@ pub fn run_cli() -> Fido2LuksResult<()> {
|
||||
} => Ok((util::read_keyfile(file)?, None)),
|
||||
OtherSecret {
|
||||
fido_device: true, ..
|
||||
} => {
|
||||
prompt_interaction(interactive);
|
||||
Ok(derive_secret(
|
||||
&credentials.ids.0,
|
||||
&salt(salt_q, verify)?,
|
||||
authenticator.await_time,
|
||||
pin.as_deref(),
|
||||
)
|
||||
.map(|(secret, cred)| (secret[..].to_vec(), Some(cred)))?)
|
||||
}
|
||||
} => Ok(derive_secret(
|
||||
&credentials.ids.0,
|
||||
&salt(salt_q, verify)?,
|
||||
authenticator.await_time,
|
||||
pin.as_deref(),
|
||||
)
|
||||
.map(|(secret, cred)| (secret[..].to_vec(), Some(cred)))?),
|
||||
_ => Ok((
|
||||
util::read_password(salt_q, verify)?.as_bytes().to_vec(),
|
||||
None,
|
||||
)),
|
||||
}
|
||||
};
|
||||
let secret = |q: &str, verify: bool| -> Fido2LuksResult<([u8; 32], FidoCredential)> {
|
||||
prompt_interaction(interactive);
|
||||
let secret = |verify: bool| -> Fido2LuksResult<([u8; 32], FidoCredential)> {
|
||||
derive_secret(
|
||||
&credentials.ids.0,
|
||||
&salt(q, verify)?,
|
||||
&salt("Password", verify)?,
|
||||
authenticator.await_time,
|
||||
pin.as_deref(),
|
||||
)
|
||||
@@ -201,7 +190,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
|
||||
match &args.command {
|
||||
Command::AddKey { exclusive, .. } => {
|
||||
let (existing_secret, _) = other_secret("Current password", false)?;
|
||||
let (new_secret, cred) = secret("Password to be added", true)?;
|
||||
let (new_secret, cred) = secret(true)?;
|
||||
let added_slot = luks_dev.add_key(
|
||||
&new_secret,
|
||||
&existing_secret[..],
|
||||
@@ -226,7 +215,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
|
||||
Ok(())
|
||||
}
|
||||
Command::ReplaceKey { add_password, .. } => {
|
||||
let (existing_secret, _) = secret("Current password", false)?;
|
||||
let (existing_secret, _) = secret(false)?;
|
||||
let (replacement_secret, cred) = other_secret("Replacement password", true)?;
|
||||
let slot = if *add_password {
|
||||
luks_dev.add_key(
|
||||
@@ -285,7 +274,6 @@ pub fn run_cli() -> Fido2LuksResult<()> {
|
||||
|
||||
// Cow shouldn't be necessary
|
||||
let secret = |credentials: Cow<'_, Vec<HexEncoded>>| {
|
||||
prompt_interaction(interactive);
|
||||
derive_secret(
|
||||
credentials.as_ref(),
|
||||
&salt("Password", false)?,
|
||||
|
||||
Reference in New Issue
Block a user