Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
e42f962368
|
3
.gitignore
vendored
3
.gitignore
vendored
@@ -2,9 +2,8 @@
|
|||||||
**/*.rs.bk
|
**/*.rs.bk
|
||||||
.idea/
|
.idea/
|
||||||
*.iml
|
*.iml
|
||||||
|
result
|
||||||
fido2luks.bash
|
fido2luks.bash
|
||||||
fido2luks.elv
|
fido2luks.elv
|
||||||
fido2luks.fish
|
fido2luks.fish
|
||||||
fido2luks.zsh
|
fido2luks.zsh
|
||||||
result
|
|
||||||
result-*
|
|
||||||
|
|||||||
2
Cargo.lock
generated
2
Cargo.lock
generated
@@ -377,7 +377,7 @@ dependencies = [
|
|||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "fido2luks"
|
name = "fido2luks"
|
||||||
version = "0.2.16"
|
version = "0.2.15"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"ctap_hmac",
|
"ctap_hmac",
|
||||||
"failure",
|
"failure",
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
[package]
|
[package]
|
||||||
name = "fido2luks"
|
name = "fido2luks"
|
||||||
version = "0.2.16"
|
version = "0.2.15"
|
||||||
authors = ["shimunn <shimun@shimun.net>"]
|
authors = ["shimunn <shimun@shimun.net>"]
|
||||||
edition = "2018"
|
edition = "2018"
|
||||||
|
|
||||||
|
|||||||
24
src/cli.rs
24
src/cli.rs
@@ -71,12 +71,6 @@ pub fn parse_cmdline() -> Args {
|
|||||||
Args::from_args()
|
Args::from_args()
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn prompt_interaction(interactive: bool) {
|
|
||||||
if interactive {
|
|
||||||
println!("Authorize using your FIDO device");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
pub fn run_cli() -> Fido2LuksResult<()> {
|
pub fn run_cli() -> Fido2LuksResult<()> {
|
||||||
let mut stdout = io::stdout();
|
let mut stdout = io::stdout();
|
||||||
let args = parse_cmdline();
|
let args = parse_cmdline();
|
||||||
@@ -115,7 +109,6 @@ pub fn run_cli() -> Fido2LuksResult<()> {
|
|||||||
} else {
|
} else {
|
||||||
secret.salt.obtain_sha256(&secret.password_helper)
|
secret.salt.obtain_sha256(&secret.password_helper)
|
||||||
}?;
|
}?;
|
||||||
prompt_interaction(interactive);
|
|
||||||
let (secret, _cred) = derive_secret(
|
let (secret, _cred) = derive_secret(
|
||||||
credentials.ids.0.as_slice(),
|
credentials.ids.0.as_slice(),
|
||||||
&salt,
|
&salt,
|
||||||
@@ -171,27 +164,23 @@ pub fn run_cli() -> Fido2LuksResult<()> {
|
|||||||
} => Ok((util::read_keyfile(file)?, None)),
|
} => Ok((util::read_keyfile(file)?, None)),
|
||||||
OtherSecret {
|
OtherSecret {
|
||||||
fido_device: true, ..
|
fido_device: true, ..
|
||||||
} => {
|
} => Ok(derive_secret(
|
||||||
prompt_interaction(interactive);
|
|
||||||
Ok(derive_secret(
|
|
||||||
&credentials.ids.0,
|
&credentials.ids.0,
|
||||||
&salt(salt_q, verify)?,
|
&salt(salt_q, verify)?,
|
||||||
authenticator.await_time,
|
authenticator.await_time,
|
||||||
pin.as_deref(),
|
pin.as_deref(),
|
||||||
)
|
)
|
||||||
.map(|(secret, cred)| (secret[..].to_vec(), Some(cred)))?)
|
.map(|(secret, cred)| (secret[..].to_vec(), Some(cred)))?),
|
||||||
}
|
|
||||||
_ => Ok((
|
_ => Ok((
|
||||||
util::read_password(salt_q, verify)?.as_bytes().to_vec(),
|
util::read_password(salt_q, verify)?.as_bytes().to_vec(),
|
||||||
None,
|
None,
|
||||||
)),
|
)),
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
let secret = |q: &str, verify: bool| -> Fido2LuksResult<([u8; 32], FidoCredential)> {
|
let secret = |verify: bool| -> Fido2LuksResult<([u8; 32], FidoCredential)> {
|
||||||
prompt_interaction(interactive);
|
|
||||||
derive_secret(
|
derive_secret(
|
||||||
&credentials.ids.0,
|
&credentials.ids.0,
|
||||||
&salt(q, verify)?,
|
&salt("Password", verify)?,
|
||||||
authenticator.await_time,
|
authenticator.await_time,
|
||||||
pin.as_deref(),
|
pin.as_deref(),
|
||||||
)
|
)
|
||||||
@@ -201,7 +190,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
|
|||||||
match &args.command {
|
match &args.command {
|
||||||
Command::AddKey { exclusive, .. } => {
|
Command::AddKey { exclusive, .. } => {
|
||||||
let (existing_secret, _) = other_secret("Current password", false)?;
|
let (existing_secret, _) = other_secret("Current password", false)?;
|
||||||
let (new_secret, cred) = secret("Password to be added", true)?;
|
let (new_secret, cred) = secret(true)?;
|
||||||
let added_slot = luks_dev.add_key(
|
let added_slot = luks_dev.add_key(
|
||||||
&new_secret,
|
&new_secret,
|
||||||
&existing_secret[..],
|
&existing_secret[..],
|
||||||
@@ -226,7 +215,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
|
|||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
Command::ReplaceKey { add_password, .. } => {
|
Command::ReplaceKey { add_password, .. } => {
|
||||||
let (existing_secret, _) = secret("Current password", false)?;
|
let (existing_secret, _) = secret(false)?;
|
||||||
let (replacement_secret, cred) = other_secret("Replacement password", true)?;
|
let (replacement_secret, cred) = other_secret("Replacement password", true)?;
|
||||||
let slot = if *add_password {
|
let slot = if *add_password {
|
||||||
luks_dev.add_key(
|
luks_dev.add_key(
|
||||||
@@ -285,7 +274,6 @@ pub fn run_cli() -> Fido2LuksResult<()> {
|
|||||||
|
|
||||||
// Cow shouldn't be necessary
|
// Cow shouldn't be necessary
|
||||||
let secret = |credentials: Cow<'_, Vec<HexEncoded>>| {
|
let secret = |credentials: Cow<'_, Vec<HexEncoded>>| {
|
||||||
prompt_interaction(interactive);
|
|
||||||
derive_secret(
|
derive_secret(
|
||||||
credentials.as_ref(),
|
credentials.as_ref(),
|
||||||
&salt("Password", false)?,
|
&salt("Password", false)?,
|
||||||
|
|||||||
Reference in New Issue
Block a user