use ubuntu as base image

Added documentation and tweaked readme

.drone.yml

@@ -3,32 +3,27 @@ name: default
 
 steps:
  - name: fmt
-   image: rust:1.37.0
+   image: rust:1.43.0
    commands:
      - rustup component add rustfmt
      - cargo fmt --all -- --check
  - name: test
-   image: rust:1.37.0
+   image: ubuntu:focal
+   environment:
+    DEBIAN_FRONTEND: noninteractive
    commands:
-    - apt update && apt install -y libcryptsetup-dev libkeyutils-dev
+    - apt update && apt install -y cargo libkeyutils-dev libclang-dev clang pkg-config libcryptsetup-dev 
-    - cargo test
+    - cargo test --locked
-
- - name: build
-   image: rust:1.37.0
-   commands:
-    - apt update && apt install -y libcryptsetup-dev libkeyutils-dev
-    - cargo install -f --path . --root .
-   when:
-    event: tag
  - name: publish
-   image: plugins/github-release
+   image: ubuntu:focal
-   settings:
+   environment:
-     api_key:
+    DEBIAN_FRONTEND: noninteractive
-      from_secret: github_release
+    CARGO_REGISTRY_TOKEN:
-     files:
+     from_secret: cargo_tkn
-      - bin/fido2luks
+   commands:
-     checksum:
+    - grep -E 'version ?= ?"${DRONE_TAG}"' -i Cargo.toml || (printf "incorrect crate/tag version" && exit 1)
-      - md5
+    - apt update && apt install -y cargo libkeyutils-dev libclang-dev clang pkg-config libcryptsetup-dev 
-      - sha256
+    - cargo package --all-features
+    - cargo publish --all-features
    when:
     event: tag

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "fido2luks"
-version = "0.2.4"
+version = "0.2.11"
 authors = ["shimunn <shimun@shimun.net>"]
 edition = "2018"
 
@@ -11,18 +11,19 @@ repository = "https://github.com/shimunn/fido2luks"
 readme = "README.md"
 keywords = ["luks", "fido2", "u2f"]
 categories = ["command-line-utilities"]
-license-file = "LICENSE"
+license = "MPL-2.0"
 
 [dependencies]
-ctap_hmac = "0.2.1"
+ctap_hmac = { version="0.4.2", features = ["request_multiple"] }
-
-
 hex = "0.3.2"
 ring = "0.13.5"
 failure = "0.1.5"
 rpassword = "4.0.1"
 structopt = "0.3.2"
-libcryptsetup-rs = "0.2.0"
+libcryptsetup-rs = "0.4.1"
+serde_json = "1.0.51"
+serde_derive = "1.0.106"
+serde = "1.0.106"
 
 [profile.release]
 lto = true
@@ -30,3 +31,15 @@ opt-level = 'z'
 panic = 'abort'
 incremental = false
 overflow-checks = false
+
+[package.metadata.deb]
+depends = "$auto, cryptsetup"
+build-depends = "libclang-dev, libcryptsetup-dev"
+extended-description = "Decrypt your LUKS partition using a FIDO2 compatible authenticator"
+assets = [
+    ["target/release/fido2luks", "usr/bin/", "755"],
+    ["initramfs-tools/keyscript.sh", "/lib/cryptsetup/scripts/fido2luks", "755" ],
+    ["initramfs-tools/hook/fido2luks.sh", "etc/initramfs-tools/hooks/", "755" ],
+    ["initramfs-tools/fido2luks.conf", "etc/", "644"],
+]
+conf-files = ["/etc/fido2luks.conf"]

README.md

@@ -1,15 +1,15 @@
 # fido2luks [![Crates.io Version](https://img.shields.io/crates/v/fido2luks.svg)](https://crates.io/crates/fido2luks)
 
-This will allow you to unlock your luks encrypted disk with an fido2 compatible key
+This will allow you to unlock your LUKS encrypted disk with an FIDO2 compatible key.
 
-Note: This has only been tested under Fedora 31 using a Solo Key, Trezor Model T
+Note: This has only been tested under Fedora 31, [Ubuntu 20.04](initramfs-tools/), [NixOS](https://nixos.org/nixos/manual/#sec-luks-file-systems-fido2) using a Solo Key, Trezor Model T
 
 ## Setup
 
 ### Prerequisites
 
 ```
-dnf install cargo cryptsetup-devel -y
+dnf install clang cargo cryptsetup-devel -y
 ```
 
 ### Device
@@ -30,6 +30,8 @@ set -a
 . /etc/fido2luks.conf
 
 # Repeat for each luks volume
+# You can also use the `--token` flag when using LUKS2 which will then store the credential in the LUKS header,
+# enabling you to use `fido2luks open-token` without passing a credential as parameter
 sudo -E fido2luks -i add-key /dev/disk/by-uuid/<DISK_UUID>
 
 # Test(only works if the luks container isn't active)
@@ -63,7 +65,7 @@ cp /usr/bin/fido2luks /boot/fido2luks/
 cp /etc/fido2luks.conf /boot/fido2luks/
 ```
 
-## Test
+## Testing
 
 Just reboot and see if it works, if that's the case you should remove your old less secure password from your LUKS header:
 
@@ -71,6 +73,8 @@ Just reboot and see if it works, if that's the case you should remove your old l
 # Recommend in case you lose your authenticator, store this backupfile somewhere safe
 cryptsetup luksHeaderBackup /dev/disk/by-uuid/<DISK_UUID> --header-backup-file luks_backup_<DISK_UUID>
 # There is no turning back if you mess this up, make sure you made a backup
+# You can also pass `--token` if you're using LUKS2 which will then store the credential in the LUKS header,
+# which will enable you to use `fido2luks open-token` without passing a credential as parameter
 fido2luks -i add-key --exclusive /dev/disk/by-uuid/<DISK_UUID>
 ```
 
@@ -92,6 +96,13 @@ set -a
 
 Then add the new secret to each device and update dracut afterwards `dracut -f`
 
+### Multiple keys
+
+Additional/backup keys are supported, Multiple fido2luks credentials can be added to your /etc/fido2luks.conf file. Credential tokens are comma separated.
+```
+FIDO2LUKS_CREDENTIAL_ID=<CREDENTIAL1>,<CREDENTIAL2>,<CREDENTIAL3>
+```
+
 ## Removal
 
 Remove `rd.luks.2fa` from `GRUB_CMDLINE_LINUX` in /etc/default/grub
@@ -103,3 +114,17 @@ sudo -E fido2luks -i replace-key /dev/disk/by-uuid/<DISK_UUID>
 
 sudo rm -rf /usr/lib/dracut/modules.d/96luks-2fa /etc/dracut.conf.d/luks-2fa.conf /etc/fido2luks.conf
 ```
+
+## License
+
+Licensed under
+
+ * Mozilla Public License 2.0, ([LICENSE-MPL](LICENSE-MPL) or https://www.mozilla.org/en-US/MPL/2.0/)
+
+### Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally
+submitted for inclusion in the work by you, as defined in the MPL 2.0
+license, shall be licensed as above, without any additional terms or
+conditions.
+

initramfs-tools/Makefile

@@ -0,0 +1,11 @@
+.PHONY: install
+install:
+	chmod +x hook/fido2luks.sh keyscript.sh
+	cp -f hook/fido2luks.sh /etc/initramfs-tools/hooks/
+	mkdir -p /usr/share/fido2luks
+	cp -f keyscript.sh /lib/cryptsetup/scripts/fido2luks
+	update-initramfs -u
+remove:
+	sh -c "grep 'keyscript=fido2luks' -i /etc/crypttab && ( echo 'ERROR: your system is still setup to use fido2luks during boot' && exit 1) || exit 0"
+	rm /etc/initramfs-tools/hooks/fido2luks.sh /lib/cryptsetup/scripts/fido2luks
+	update-initramfs -u

initramfs-tools/README.md

@@ -0,0 +1,34 @@
+## Initramfs-tools based systems(Ubuntu and derivatives)
+
+For easiest installation [download and install the precompiled deb from releases.](https://github.com/shimunn/fido2luks/releases). However it is possible to build from source via the instructions on the main readme.
+
+```
+sudo -s
+
+# Insert FIDO key.
+fido2luks credential
+# Tap FIDO key
+# Copy returned string <CREDENTIAL>
+
+nano /etc/fido2luks.conf
+# Insert <CREDENTIAL> 
+# FIDO2LUKS_CREDENTIAL_ID=<CREDENTIAL> 
+
+set -a
+. /etc/fido2luks.conf
+fido2luks -i add-key /dev/<LUKS PARTITION>
+# Current password: <Any current LUKS password>
+# Password: <Password used as FIDO challange>
+# Tap FIDO key
+
+nano /etc/crypttab
+# Append to end ",discard,initramfs,keyscript=fido2luks"
+# E.g. sda6_crypt UUID=XXXXXXXXXX none luks,discard,initramfs,keyscript=fido2luks
+
+update-initramfs -u
+
+
+```
+
+[Recording showing part of the setup](https://shimun.net/fido2luks/setup.svg)
+

initramfs-tools/fido2luks.conf

@@ -0,0 +1,3 @@
+FIDO2LUKS_SALT=Ask
+#FIDO2LUKS_PASSWORD_HELPER="/usr/bin/plymouth ask-for-password --prompt 'FIDO2 password salt'"
+FIDO2LUKS_CREDENTIAL_ID=

initramfs-tools/hook/fido2luks.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+case "$1" in
+prereqs)
+	echo ""
+	exit 0
+	;;
+
+esac
+
+. /usr/share/initramfs-tools/hook-functions
+copy_file config /etc/fido2luks.conf /etc/fido2luks.conf
+copy_exec /usr/bin/fido2luks
+exit 0

initramfs-tools/keyscript.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+set -a
+. /etc/fido2luks.conf
+
+if [ -z "$FIDO2LUKS_PASSWORD_HELPER" ]; then
+	MSG="FIDO2 password salt for $CRYPTTAB_NAME"
+	export FIDO2LUKS_PASSWORD_HELPER="plymouth ask-for-password --prompt '$MSG'"
+fi
+
+fido2luks print-secret --bin

src/cli.rs

@@ -1,27 +1,37 @@
 use crate::error::*;
-use crate::luks;
 use crate::*;
 
 use structopt::StructOpt;
 
-use failure::_core::fmt::{Error, Formatter};
+use ctap::{FidoCredential, FidoErrorKind};
+use failure::_core::fmt::{Display, Error, Formatter};
 use failure::_core::str::FromStr;
 use failure::_core::time::Duration;
 use std::io::Write;
-
 use std::process::exit;
 use std::thread;
 
+use crate::luks::{Fido2LuksToken, LuksDevice};
+use crate::util::sha256;
+use std::borrow::Cow;
+use std::collections::HashSet;
 use std::time::SystemTime;
-#[derive(Debug, Eq, PartialEq, Clone)]
-pub struct HexEncoded(Vec<u8>);
 
-impl std::fmt::Display for HexEncoded {
+#[derive(Debug, Eq, PartialEq, Clone)]
+pub struct HexEncoded(pub Vec<u8>);
+
+impl Display for HexEncoded {
     fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error> {
         f.write_str(&hex::encode(&self.0))
     }
 }
 
+impl AsRef<[u8]> for HexEncoded {
+    fn as_ref(&self) -> &[u8] {
+        &self.0[..]
+    }
+}
+
 impl FromStr for HexEncoded {
     type Err = hex::FromHexError;
 
@@ -30,20 +40,73 @@ impl FromStr for HexEncoded {
     }
 }
 
+#[derive(Debug, Eq, PartialEq, Clone)]
+pub struct CommaSeparated<T: FromStr + Display>(pub Vec<T>);
+
+impl<T: Display + FromStr> Display for CommaSeparated<T> {
+    fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error> {
+        for i in &self.0 {
+            f.write_str(&i.to_string())?;
+            f.write_str(",")?;
+        }
+        Ok(())
+    }
+}
+
+impl<T: Display + FromStr> FromStr for CommaSeparated<T> {
+    type Err = <T as FromStr>::Err;
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        Ok(CommaSeparated(
+            s.split(',')
+                .map(|part| <T as FromStr>::from_str(part))
+                .collect::<Result<Vec<_>, _>>()?,
+        ))
+    }
+}
+
 #[derive(Debug, StructOpt)]
-pub struct Args {
+pub struct Credentials {
-    /// Request passwords via Stdin instead of using the password helper
+    /// FIDO credential ids, separated by ',' generate using fido2luks credential
-    #[structopt(short = "i", long = "interactive")]
+    #[structopt(name = "credential-id", env = "FIDO2LUKS_CREDENTIAL_ID")]
-    pub interactive: bool,
+    pub ids: CommaSeparated<HexEncoded>,
-    #[structopt(subcommand)]
+}
-    pub command: Command,
+
+#[derive(Debug, StructOpt)]
+pub struct AuthenticatorParameters {
+    /// Request a PIN to unlock the authenticator
+    #[structopt(short = "P", long = "pin")]
+    pub pin: bool,
+
+    /// Await for an authenticator to be connected, timeout after n seconds
+    #[structopt(
+        long = "await-dev",
+        name = "await-dev",
+        env = "FIDO2LUKS_DEVICE_AWAIT",
+        default_value = "15"
+    )]
+    pub await_time: u64,
+}
+
+#[derive(Debug, StructOpt)]
+pub struct LuksParameters {
+    #[structopt(env = "FIDO2LUKS_DEVICE")]
+    device: PathBuf,
+
+    /// Try to unlock the device using a specifc keyslot, ignore all other slots
+    #[structopt(long = "slot", env = "FIDO2LUKS_DEVICE_SLOT")]
+    slot: Option<u32>,
 }
 
 #[derive(Debug, StructOpt, Clone)]
-pub struct SecretGeneration {
+pub struct LuksModParameters {
-    /// FIDO credential id, generate using fido2luks credential
+    /// Number of milliseconds required to derive the volume decryption key
-    #[structopt(name = "credential-id", env = "FIDO2LUKS_CREDENTIAL_ID")]
+    /// Defaults to 10ms when using an authenticator or the default by cryptsetup when using a password
-    pub credential_id: HexEncoded,
+    #[structopt(long = "kdf-time", name = "kdf-time")]
+    kdf_time: Option<u64>,
+}
+
+#[derive(Debug, StructOpt)]
+pub struct SecretParameters {
     /// Salt for secret generation, defaults to 'ask'
     ///
     /// Options:{n}
@@ -64,34 +127,20 @@ pub struct SecretGeneration {
         default_value = "/usr/bin/env systemd-ask-password 'Please enter second factor for LUKS disk encryption!'"
     )]
     pub password_helper: PasswordHelper,
-
-    /// Await for an authenticator to be connected, timeout after n seconds
-    #[structopt(
-        long = "await-dev",
-        name = "await-dev",
-        env = "FIDO2LUKS_DEVICE_AWAIT",
-        default_value = "15"
-    )]
-    pub await_authenticator: u64,
 }
 
-impl SecretGeneration {
+fn derive_secret(
-    pub fn patch(&self, args: &Args) -> Self {
+    credentials: &[HexEncoded],
-        let mut me = self.clone();
+    salt: &[u8; 32],
-        if args.interactive {
+    timeout: u64,
-            me.password_helper = PasswordHelper::Stdin;
+    pin: Option<&str>,
-        }
+) -> Fido2LuksResult<([u8; 32], FidoCredential)> {
-        me
+    let timeout = Duration::from_secs(timeout);
-    }
-
-    pub fn obtain_secret(&self) -> Fido2LuksResult<[u8; 32]> {
-        let salt = self.salt.obtain(&self.password_helper)?;
-        let timeout = Duration::from_secs(self.await_authenticator);
     let start = SystemTime::now();
 
     while let Ok(el) = start.elapsed() {
         if el > timeout {
-                Err(error::Fido2LuksError::NoAuthenticatorError)?;
+            return Err(error::Fido2LuksError::NoAuthenticatorError);
         }
         if get_devices()
             .map(|devices| !devices.is_empty())
@@ -101,11 +150,43 @@ impl SecretGeneration {
         }
         thread::sleep(Duration::from_millis(500));
     }
-        Ok(assemble_secret(
+
-            &perform_challenge(&self.credential_id.0, &salt)?,
+    let credentials = credentials
-            &salt,
+        .iter()
-        ))
+        .map(|hex| FidoCredential {
-    }
+            id: hex.0.clone(),
+            public_key: None,
+        })
+        .collect::<Vec<_>>();
+    let credentials = credentials.iter().collect::<Vec<_>>();
+    let (unsalted, cred) =
+        perform_challenge(&credentials, salt, timeout - start.elapsed().unwrap(), pin)?;
+
+    Ok((sha256(&[salt, &unsalted[..]]), cred.clone()))
+}
+
+fn read_pin() -> Fido2LuksResult<String> {
+    util::read_password("Authenticator PIN", false)
+}
+
+#[derive(Debug, StructOpt)]
+pub struct Args {
+    /// Request passwords via Stdin instead of using the password helper
+    #[structopt(short = "i", long = "interactive")]
+    pub interactive: bool,
+    #[structopt(subcommand)]
+    pub command: Command,
+}
+
+#[derive(Debug, StructOpt, Clone)]
+pub struct OtherSecret {
+    /// Use a keyfile instead of a password
+    #[structopt(short = "d", long = "keyfile", conflicts_with = "fido_device")]
+    keyfile: Option<PathBuf>,
+    /// Use another fido device instead of a password
+    /// Note: this requires for the credential fot the other device to be passed as argument as well
+    #[structopt(short = "f", long = "fido-device", conflicts_with = "keyfile")]
+    fido_device: bool,
 }
 
 #[derive(Debug, StructOpt)]
@@ -116,51 +197,91 @@ pub enum Command {
         #[structopt(short = "b", long = "bin")]
         binary: bool,
         #[structopt(flatten)]
-        secret_gen: SecretGeneration,
+        credentials: Credentials,
+        #[structopt(flatten)]
+        authenticator: AuthenticatorParameters,
+        #[structopt(flatten)]
+        secret: SecretParameters,
     },
     /// Adds a generated key to the specified LUKS device
     #[structopt(name = "add-key")]
     AddKey {
-        #[structopt(env = "FIDO2LUKS_DEVICE")]
+        #[structopt(flatten)]
-        device: PathBuf,
+        luks: LuksParameters,
+        #[structopt(flatten)]
+        credentials: Credentials,
+        #[structopt(flatten)]
+        authenticator: AuthenticatorParameters,
+        #[structopt(flatten)]
+        secret: SecretParameters,
         /// Will wipe all other keys
         #[structopt(short = "e", long = "exclusive")]
         exclusive: bool,
-        /// Use a keyfile instead of typing a previous password
+        /// Will add an token to your LUKS 2 header, including the credential id
-        #[structopt(short = "d", long = "keyfile")]
+        #[structopt(short = "t", long = "token")]
-        keyfile: Option<PathBuf>,
+        token: bool,
         #[structopt(flatten)]
-        secret_gen: SecretGeneration,
+        existing_secret: OtherSecret,
+        #[structopt(flatten)]
+        luks_mod: LuksModParameters,
     },
     /// Replace a previously added key with a password
     #[structopt(name = "replace-key")]
     ReplaceKey {
-        #[structopt(env = "FIDO2LUKS_DEVICE")]
+        #[structopt(flatten)]
-        device: PathBuf,
+        luks: LuksParameters,
+        #[structopt(flatten)]
+        credentials: Credentials,
+        #[structopt(flatten)]
+        authenticator: AuthenticatorParameters,
+        #[structopt(flatten)]
+        secret: SecretParameters,
         /// Add the password and keep the key
         #[structopt(short = "a", long = "add-password")]
         add_password: bool,
-        /// Use a keyfile instead of typing a previous password
+        /// Will add an token to your LUKS 2 header, including the credential id
-        #[structopt(short = "d", long = "keyfile")]
+        #[structopt(short = "t", long = "token")]
-        keyfile: Option<PathBuf>,
+        token: bool,
         #[structopt(flatten)]
-        secret_gen: SecretGeneration,
+        replacement: OtherSecret,
+        #[structopt(flatten)]
+        luks_mod: LuksModParameters,
     },
     /// Open the LUKS device
     #[structopt(name = "open")]
     Open {
-        #[structopt(env = "FIDO2LUKS_DEVICE")]
+        #[structopt(flatten)]
-        device: PathBuf,
+        luks: LuksParameters,
         #[structopt(env = "FIDO2LUKS_MAPPER_NAME")]
         name: String,
+        #[structopt(flatten)]
+        credentials: Credentials,
+        #[structopt(flatten)]
+        authenticator: AuthenticatorParameters,
+        #[structopt(flatten)]
+        secret: SecretParameters,
         #[structopt(short = "r", long = "max-retries", default_value = "0")]
         retries: i32,
+    },
+    /// Open the LUKS device using credentials embedded in the LUKS 2 header
+    #[structopt(name = "open-token")]
+    OpenToken {
         #[structopt(flatten)]
-        secret_gen: SecretGeneration,
+        luks: LuksParameters,
+        #[structopt(env = "FIDO2LUKS_MAPPER_NAME")]
+        name: String,
+        #[structopt(flatten)]
+        authenticator: AuthenticatorParameters,
+        #[structopt(flatten)]
+        secret: SecretParameters,
+        #[structopt(short = "r", long = "max-retries", default_value = "0")]
+        retries: i32,
     },
     /// Generate a new FIDO credential
     #[structopt(name = "credential")]
     Credential {
+        #[structopt(flatten)]
+        authenticator: AuthenticatorParameters,
         /// Name to be displayed on the authenticator if it has a display
         #[structopt(env = "FIDO2LUKS_CREDENTIAL_NAME")]
         name: Option<String>,
@@ -168,6 +289,45 @@ pub enum Command {
     /// Check if an authenticator is connected
     #[structopt(name = "connected")]
     Connected,
+    Token(TokenCommand),
+}
+
+///LUKS2 token related operations
+#[derive(Debug, StructOpt)]
+pub enum TokenCommand {
+    /// List all tokens associated with the specified device
+    List {
+        #[structopt(env = "FIDO2LUKS_DEVICE")]
+        device: PathBuf,
+        /// Dump all credentials as CSV
+        #[structopt(long = "csv")]
+        csv: bool,
+    },
+    /// Add credential to a keyslot
+    Add {
+        #[structopt(env = "FIDO2LUKS_DEVICE")]
+        device: PathBuf,
+        #[structopt(flatten)]
+        credentials: Credentials,
+        /// Slot to which the credentials will be added
+        #[structopt(long = "slot", env = "FIDO2LUKS_DEVICE_SLOT")]
+        slot: u32,
+    },
+    /// Remove credentials from token(s)
+    Remove {
+        #[structopt(env = "FIDO2LUKS_DEVICE")]
+        device: PathBuf,
+        #[structopt(flatten)]
+        credentials: Credentials,
+        /// Token from which the credentials will be removed
+        #[structopt(long = "token")]
+        token_id: Option<u32>,
+    },
+    /// Remove all unassigned tokens
+    GC {
+        #[structopt(env = "FIDO2LUKS_DEVICE")]
+        device: PathBuf,
+    },
 }
 
 pub fn parse_cmdline() -> Args {
@@ -177,97 +337,247 @@ pub fn parse_cmdline() -> Args {
 pub fn run_cli() -> Fido2LuksResult<()> {
     let mut stdout = io::stdout();
     let args = parse_cmdline();
+    let interactive = args.interactive;
     match &args.command {
-        Command::Credential { name } => {
+        Command::Credential {
-            let cred = make_credential_id(name.as_ref().map(|n| n.as_ref()))?;
+            authenticator,
+            name,
+        } => {
+            let pin_string;
+            let pin = if authenticator.pin {
+                pin_string = read_pin()?;
+                Some(pin_string.as_ref())
+            } else {
+                None
+            };
+            let cred = make_credential_id(name.as_ref().map(|n| n.as_ref()), pin)?;
             println!("{}", hex::encode(&cred.id));
             Ok(())
         }
         Command::PrintSecret {
             binary,
-            ref secret_gen,
+            authenticator,
+            credentials,
+            secret,
         } => {
-            let secret = secret_gen.patch(&args).obtain_secret()?;
+            let pin_string;
-            if *binary {
+            let pin = if authenticator.pin {
-                stdout.write(&secret[..])?;
+                pin_string = read_pin()?;
+                Some(pin_string.as_ref())
             } else {
-                stdout.write(hex::encode(&secret[..]).as_bytes())?;
+                None
+            };
+            let salt = if interactive || secret.password_helper == PasswordHelper::Stdin {
+                util::read_password_hashed("Password", false)
+            } else {
+                secret.salt.obtain(&secret.password_helper)
+            }?;
+            let (secret, _cred) = derive_secret(
+                credentials.ids.0.as_slice(),
+                &salt,
+                authenticator.await_time,
+                pin,
+            )?;
+            if *binary {
+                stdout.write_all(&secret[..])?;
+            } else {
+                stdout.write_all(hex::encode(&secret[..]).as_bytes())?;
             }
             Ok(stdout.flush()?)
         }
         Command::AddKey {
-            device,
+            luks,
-            exclusive,
+            authenticator,
-            keyfile,
+            credentials,
-            ref secret_gen,
+            secret,
+            luks_mod,
+            existing_secret: other_secret,
+            token,
+            ..
+        }
+        | Command::ReplaceKey {
+            luks,
+            authenticator,
+            credentials,
+            secret,
+            luks_mod,
+            replacement: other_secret,
+            token,
+            ..
         } => {
-            let secret = secret_gen.patch(&args).obtain_secret()?;
+            let pin = if authenticator.pin {
-            let old_secret = if let Some(keyfile) = keyfile.clone() {
+                Some(read_pin()?)
-                util::read_keyfile(keyfile.clone())
             } else {
-                util::read_password("Old password", false).map(|p| p.as_bytes().to_vec())
+                None
-            }?;
+            };
-            let added_slot = luks::add_key(device.clone(), &secret, &old_secret[..], Some(10))?;
+            let salt = |q: &str, verify: bool| -> Fido2LuksResult<[u8; 32]> {
+                if interactive || secret.password_helper == PasswordHelper::Stdin {
+                    util::read_password_hashed(q, verify)
+                } else {
+                    secret.salt.obtain(&secret.password_helper)
+                }
+            };
+            let other_secret = |salt_q: &str,
+                                verify: bool|
+             -> Fido2LuksResult<(Vec<u8>, Option<FidoCredential>)> {
+                match other_secret {
+                    OtherSecret {
+                        keyfile: Some(file),
+                        ..
+                    } => Ok((util::read_keyfile(file)?, None)),
+                    OtherSecret {
+                        fido_device: true, ..
+                    } => Ok(derive_secret(
+                        &credentials.ids.0,
+                        &salt(salt_q, verify)?,
+                        authenticator.await_time,
+                        pin.as_deref(),
+                    )
+                    .map(|(secret, cred)| (secret[..].to_vec(), Some(cred)))?),
+                    _ => Ok((
+                        util::read_password(salt_q, verify)?.as_bytes().to_vec(),
+                        None,
+                    )),
+                }
+            };
+            let secret = |verify: bool| -> Fido2LuksResult<([u8; 32], FidoCredential)> {
+                derive_secret(
+                    &credentials.ids.0,
+                    &salt("Password", verify)?,
+                    authenticator.await_time,
+                    pin.as_deref(),
+                )
+            };
+            let mut luks_dev = LuksDevice::load(&luks.device)?;
+            // Non overlap
+            match &args.command {
+                Command::AddKey { exclusive, .. } => {
+                    let (existing_secret, _) = other_secret("Current password", false)?;
+                    let (new_secret, cred) = secret(true)?;
+                    let added_slot = luks_dev.add_key(
+                        &new_secret,
+                        &existing_secret[..],
+                        luks_mod.kdf_time.or(Some(10)),
+                        Some(&cred.id[..]).filter(|_| *token),
+                    )?;
                     if *exclusive {
-                let destroyed = luks::remove_keyslots(&device, &[added_slot])?;
+                        let destroyed = luks_dev.remove_keyslots(&[added_slot])?;
                         println!(
                             "Added to key to device {}, slot: {}\nRemoved {} old keys",
-                    device.display(),
+                            luks.device.display(),
                             added_slot,
                             destroyed
                         );
                     } else {
                         println!(
                             "Added to key to device {}, slot: {}",
-                    device.display(),
+                            luks.device.display(),
                             added_slot
                         );
                     }
                     Ok(())
                 }
-        Command::ReplaceKey {
+                Command::ReplaceKey { add_password, .. } => {
-            device,
+                    let (existing_secret, _) = secret(false)?;
-            add_password,
+                    let (replacement_secret, cred) = other_secret("Replacement password", true)?;
-            keyfile,
-            ref secret_gen,
-        } => {
-            let secret = secret_gen.patch(&args).obtain_secret()?;
-            let new_secret = if let Some(keyfile) = keyfile.clone() {
-                util::read_keyfile(keyfile.clone())
-            } else {
-                util::read_password("Password to add", *add_password).map(|p| p.as_bytes().to_vec())
-            }?;
                     let slot = if *add_password {
-                luks::add_key(device, &new_secret[..], &secret, None)
+                        luks_dev.add_key(
+                            &replacement_secret[..],
+                            &existing_secret,
+                            luks_mod.kdf_time,
+                            cred.as_ref().filter(|_| *token).map(|cred| &cred.id[..]),
+                        )
                     } else {
-                luks::replace_key(device, &new_secret[..], &secret, Some(5))
+                        luks_dev.replace_key(
+                            &replacement_secret[..],
+                            &existing_secret,
+                            luks_mod.kdf_time,
+                            cred.as_ref().filter(|_| *token).map(|cred| &cred.id[..]),
+                        )
                     }?;
                     println!(
                         "Added to password to device {}, slot: {}",
-                device.display(),
+                        luks.device.display(),
                         slot
                     );
                     Ok(())
                 }
+                _ => unreachable!(),
+            }
+        }
         Command::Open {
-            device,
+            luks,
+            authenticator,
+            secret,
+            name,
+            retries,
+            ..
+        }
+        | Command::OpenToken {
+            luks,
+            authenticator,
+            secret,
             name,
             retries,
-            ref secret_gen,
         } => {
+            let pin_string;
+            let pin = if authenticator.pin {
+                pin_string = read_pin()?;
+                Some(pin_string.as_ref())
+            } else {
+                None
+            };
+            let salt = |q: &str, verify: bool| -> Fido2LuksResult<[u8; 32]> {
+                if interactive || secret.password_helper == PasswordHelper::Stdin {
+                    util::read_password_hashed(q, verify)
+                } else {
+                    secret.salt.obtain(&secret.password_helper)
+                }
+            };
+
+            // Cow shouldn't be necessary
+            let secret = |credentials: Cow<'_, Vec<HexEncoded>>| {
+                derive_secret(
+                    credentials.as_ref(),
+                    &salt("Password", false)?,
+                    authenticator.await_time,
+                    pin,
+                )
+            };
+
             let mut retries = *retries;
+            let mut luks_dev = LuksDevice::load(&luks.device)?;
             loop {
-                let secret = secret_gen.patch(&args).obtain_secret()?;
+                let secret = match &args.command {
-                match luks::open_container(&device, &name, &secret) {
+                    Command::Open { credentials, .. } => secret(Cow::Borrowed(&credentials.ids.0))
-                    Err(e) => match e {
+                        .and_then(|(secret, _cred)| luks_dev.activate(&name, &secret, luks.slot)),
-                        Fido2LuksError::WrongSecret if retries > 0 => {
+                    Command::OpenToken { .. } => luks_dev.activate_token(
+                        &name,
+                        Box::new(|credentials: Vec<String>| {
+                            let creds = credentials
+                                .into_iter()
+                                .flat_map(|cred| HexEncoded::from_str(cred.as_ref()).ok())
+                                .collect::<Vec<_>>();
+                            secret(Cow::Owned(creds))
+                                .map(|(secret, cred)| (secret, hex::encode(&cred.id)))
+                        }),
+                        luks.slot,
+                    ),
+                    _ => unreachable!(),
+                };
+                match secret {
+                    Err(e) => {
+                        match e {
+                            Fido2LuksError::WrongSecret if retries > 0 => {}
+                            Fido2LuksError::AuthenticatorError { ref cause }
+                                if cause.kind() == FidoErrorKind::Timeout && retries > 0 => {}
+
+                            e => return Err(e),
+                        }
                         retries -= 1;
                         eprintln!("{}", e);
-                            continue;
                     }
-                        e => Err(e)?,
+                    res => break res.map(|_| ()),
-                    },
-                    res => break res,
                 }
             }
         }
@@ -278,5 +588,129 @@ pub fn run_cli() -> Fido2LuksResult<()> {
             }
             _ => exit(1),
         },
+        Command::Token(cmd) => match cmd {
+            TokenCommand::List {
+                device,
+                csv: dump_credentials,
+            } => {
+                let mut dev = LuksDevice::load(device)?;
+                let mut creds = Vec::new();
+                for token in dev.tokens()? {
+                    let (id, token) = token?;
+                    for cred in token.credential.iter() {
+                        if !creds.contains(cred) {
+                            creds.push(cred.clone());
+                            if *dump_credentials {
+                                print!("{}{}", if creds.len() == 1 { "" } else { "," }, cred);
+                            }
+                        }
+                    }
+                    if *dump_credentials {
+                        continue;
+                    }
+                    println!(
+                        "{}:\n\tSlots: {}\n\tCredentials: {}",
+                        id,
+                        if token.keyslots.is_empty() {
+                            "None".into()
+                        } else {
+                            token.keyslots.iter().cloned().collect::<Vec<_>>().join(",")
+                        },
+                        token
+                            .credential
+                            .iter()
+                            .map(|cred| format!(
+                                "{} ({})",
+                                cred,
+                                creds.iter().position(|c| c == cred).unwrap().to_string()
+                            ))
+                            .collect::<Vec<_>>()
+                            .join(",")
+                    );
+                }
+                if *dump_credentials {
+                    println!();
+                }
+                Ok(())
+            }
+            TokenCommand::Add {
+                device,
+                credentials,
+                slot,
+            } => {
+                let mut dev = LuksDevice::load(device)?;
+                let mut tokens = Vec::new();
+                for token in dev.tokens()? {
+                    let (id, token) = token?;
+                    if token.keyslots.contains(&slot.to_string()) {
+                        tokens.push((id, token));
+                    }
+                }
+                let count = if tokens.is_empty() {
+                    dev.add_token(&Fido2LuksToken::with_credentials(&credentials.ids.0, *slot))?;
+                    1
+                } else {
+                    tokens.len()
+                };
+                for (id, mut token) in tokens {
+                    token
+                        .credential
+                        .extend(credentials.ids.0.iter().map(|h| h.to_string()));
+                    dev.update_token(id, &token)?;
+                }
+                println!("Updated {} tokens", count);
+                Ok(())
+            }
+            TokenCommand::Remove {
+                device,
+                credentials,
+                token_id,
+            } => {
+                let mut dev = LuksDevice::load(device)?;
+                let mut tokens = Vec::new();
+                for token in dev.tokens()? {
+                    let (id, token) = token?;
+                    if let Some(token_id) = token_id {
+                        if id == *token_id {
+                            tokens.push((id, token));
+                        }
+                    } else {
+                        tokens.push((id, token));
+                    }
+                }
+                let count = tokens.len();
+                for (id, mut token) in tokens {
+                    token.credential = token
+                        .credential
+                        .into_iter()
+                        .filter(|cred| !credentials.ids.0.iter().any(|h| &h.to_string() == cred))
+                        .collect();
+                    dev.update_token(id, &token)?;
+                }
+                println!("Updated {} tokens", count);
+                Ok(())
+            }
+            TokenCommand::GC { device } => {
+                let mut dev = LuksDevice::load(device)?;
+                let mut creds: HashSet<String> = HashSet::new();
+                let mut remove = Vec::new();
+                for token in dev.tokens()? {
+                    let (id, token) = token?;
+                    if token.keyslots.is_empty() || token.credential.is_empty() {
+                        creds.extend(token.credential);
+                        remove.push(id);
+                    }
+                }
+                for id in remove.iter().rev() {
+                    dev.remove_token(*id)?;
+                }
+                println!(
+                    "Removed {} tokens, affected credentials: {}",
+                    remove.len(),
+                    creds.into_iter().collect::<Vec<_>>().join(",")
+                );
+                Ok(())
+            }
+        },
     }
 }

src/config.rs

@@ -24,7 +24,7 @@ impl Default for InputSalt {
 
 impl From<&str> for InputSalt {
     fn from(s: &str) -> Self {
-        let mut parts = s.split(":").into_iter();
+        let mut parts = s.split(':');
         match parts.next() {
             Some("ask") | Some("Ask") => InputSalt::AskPassword,
             Some("file") => InputSalt::File {
@@ -84,9 +84,10 @@ impl InputSalt {
     }
 }
 
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, PartialEq, Eq)]
 pub enum PasswordHelper {
     Script(String),
+    #[allow(dead_code)]
     Systemd,
     Stdin,
 }
@@ -134,10 +135,9 @@ impl PasswordHelper {
             Systemd => unimplemented!(),
             Stdin => Ok(util::read_password("Password", true)?),
             Script(password_helper) => {
-                let mut helper_parts = password_helper.split(" ");
+                let password = Command::new("sh")
-
+                    .arg("-c")
-                let password = Command::new((&mut helper_parts).next().unwrap())
+                    .arg(&password_helper)
-                    .args(helper_parts)
                     .output()
                     .map_err(|e| Fido2LuksError::AskPassError {
                         cause: error::AskPassError::IO(e),

src/device.rs

@@ -1,91 +1,61 @@
 use crate::error::*;
-use crate::util::sha256;
 
+use crate::util;
 use ctap::{
-    self,
+    self, extensions::hmac::HmacExtension, request_multiple_devices, FidoAssertionRequestBuilder,
-    extensions::hmac::{FidoHmacCredential, HmacExtension},
+    FidoCredential, FidoCredentialRequestBuilder, FidoDevice, FidoError, FidoErrorKind,
-    AuthenticatorOptions, FidoDevice, FidoError, FidoErrorKind, PublicKeyCredentialRpEntity,
-    PublicKeyCredentialUserEntity,
 };
+use std::time::Duration;
 
-const RP_ID: &'static str = "fido2luks";
+const RP_ID: &str = "fido2luks";
 
-fn authenticator_options() -> Option<AuthenticatorOptions> {
+pub fn make_credential_id(
-    Some(AuthenticatorOptions {
+    name: Option<&str>,
-        uv: false, //TODO: should get this from config
+    pin: Option<&str>,
-        rk: true,
+) -> Fido2LuksResult<FidoCredential> {
-    })
+    let mut request = FidoCredentialRequestBuilder::default().rp_id(RP_ID);
-}
+    if let Some(user_name) = name {
-
+        request = request.user_name(user_name);
-fn authenticator_rp() -> PublicKeyCredentialRpEntity<'static> {
-    PublicKeyCredentialRpEntity {
-        id: RP_ID,
-        name: None,
-        icon: None,
     }
-}
+    let request = request.build().unwrap();
-
+    let make_credential = |device: &mut FidoDevice| {
-fn authenticator_user(name: Option<&str>) -> PublicKeyCredentialUserEntity {
+        if let Some(pin) = pin {
-    PublicKeyCredentialUserEntity {
+            device.unlock(pin)?;
-        id: &[0u8],
-        name: name.unwrap_or(""),
-        icon: None,
-        display_name: name,
         }
-}
+        device.make_hmac_credential(&request)
-
-pub fn make_credential_id(name: Option<&str>) -> Fido2LuksResult<FidoHmacCredential> {
-    let mut errs = Vec::new();
-    match get_devices()? {
-        ref devs if devs.is_empty() => Err(Fido2LuksError::NoAuthenticatorError)?,
-        devs => {
-            for mut dev in devs.into_iter() {
-                match dev
-                    .make_hmac_credential_full(
-                        authenticator_rp(),
-                        authenticator_user(name),
-                        &[0u8; 32],
-                        &[],
-                        authenticator_options(),
-                    )
-                    .map(|cred| cred.into())
-                {
-                    //TODO: make credentials device specific
-                    Ok(cred) => {
-                        return Ok(cred);
-                    }
-                    Err(e) => {
-                        errs.push(e);
-                    }
-                }
-            }
-        }
-    }
-    Err(errs.pop().ok_or(Fido2LuksError::NoAuthenticatorError)?)?
-}
-
-pub fn perform_challenge(credential_id: &[u8], salt: &[u8; 32]) -> Fido2LuksResult<[u8; 32]> {
-    let cred = FidoHmacCredential {
-        id: credential_id.to_vec(),
-        rp_id: RP_ID.to_string(),
     };
-    let mut errs = Vec::new();
+    Ok(request_multiple_devices(
-    match get_devices()? {
+        get_devices()?
-        ref devs if devs.is_empty() => Err(Fido2LuksError::NoAuthenticatorError)?,
+            .iter_mut()
-        devs => {
+            .map(|device| (device, &make_credential)),
-            for mut dev in devs.into_iter() {
+        None,
-                match dev.get_hmac_assertion(&cred, &sha256(&[&salt[..]]), None, None) {
+    )?)
-                    Ok(secret) => {
+}
-                        return Ok(secret.0);
+
+pub fn perform_challenge<'a>(
+    credentials: &'a [&'a FidoCredential],
+    salt: &[u8; 32],
+    timeout: Duration,
+    pin: Option<&str>,
+) -> Fido2LuksResult<([u8; 32], &'a FidoCredential)> {
+    let request = FidoAssertionRequestBuilder::default()
+        .rp_id(RP_ID)
+        .credentials(credentials)
+        .build()
+        .unwrap();
+    let get_assertion = |device: &mut FidoDevice| {
+        if let Some(pin) = pin {
+            device.unlock(pin)?;
         }
-                    Err(e) => {
+        device.get_hmac_assertion(&request, &util::sha256(&[&salt[..]]), None)
-                        errs.push(e);
+    };
-                    }
+    let (credential, (secret, _)) = request_multiple_devices(
-                }
+        get_devices()?
-            }
+            .iter_mut()
-        }
+            .map(|device| (device, &get_assertion)),
-    }
+        Some(timeout),
-    Err(errs.pop().ok_or(Fido2LuksError::NoAuthenticatorError)?)?
+    )?;
+    Ok((secret, credential))
 }
 
 pub fn get_devices() -> Fido2LuksResult<Vec<FidoDevice>> {
@@ -94,7 +64,7 @@ pub fn get_devices() -> Fido2LuksResult<Vec<FidoDevice>> {
         match FidoDevice::new(&di) {
             Err(e) => match e.kind() {
                 FidoErrorKind::ParseCtap | FidoErrorKind::DeviceUnsupported => (),
-                err => Err(FidoError::from(err))?,
+                err => return Err(FidoError::from(err).into()),
             },
             Ok(dev) => devices.push(dev),
         }

src/error.rs

@@ -13,11 +13,13 @@ pub enum Fido2LuksError {
     AuthenticatorError { cause: ctap::FidoError },
     #[fail(display = "no authenticator found, please ensure your device is plugged in")]
     NoAuthenticatorError,
-    #[fail(display = "luks err")]
+    #[fail(display = " {}", cause)]
-    LuksError {
+    CryptsetupError {
         cause: libcryptsetup_rs::LibcryptErr,
     },
-    #[fail(display = "no authenticator found, please ensure your device is plugged in")]
+    #[fail(display = "{}", cause)]
+    LuksError { cause: LuksError },
+    #[fail(display = "{}", cause)]
     IoError { cause: io::Error },
     #[fail(display = "supplied secret isn't valid for this device")]
     WrongSecret,
@@ -46,7 +48,41 @@ pub enum AskPassError {
     Mismatch,
 }
 
+#[derive(Debug, Fail)]
+pub enum LuksError {
+    #[fail(display = "This feature requires to the LUKS device to be formatted as LUKS 2")]
+    Luks2Required,
+    #[fail(display = "Invalid token: {}", _0)]
+    InvalidToken(String),
+    #[fail(display = "No token found")]
+    NoToken,
+    #[fail(display = "The device already exists")]
+    DeviceExists,
+}
+
+impl LuksError {
+    pub fn activate(e: LibcryptErr) -> Fido2LuksError {
+        match e {
+            LibcryptErr::IOError(ref io) => match io.raw_os_error() {
+                Some(1) if io.kind() == ErrorKind::PermissionDenied => Fido2LuksError::WrongSecret,
+                Some(17) => Fido2LuksError::LuksError {
+                    cause: LuksError::DeviceExists,
+                },
+                _ => return Fido2LuksError::CryptsetupError { cause: e },
+            },
+            _ => Fido2LuksError::CryptsetupError { cause: e },
+        }
+    }
+}
+
+impl From<LuksError> for Fido2LuksError {
+    fn from(e: LuksError) -> Self {
+        Fido2LuksError::LuksError { cause: e }
+    }
+}
+
 use libcryptsetup_rs::LibcryptErr;
+use std::io::ErrorKind;
 use std::string::FromUtf8Error;
 use Fido2LuksError::*;
 
@@ -62,7 +98,7 @@ impl From<LibcryptErr> for Fido2LuksError {
             LibcryptErr::IOError(e) if e.raw_os_error().iter().any(|code| code == &1i32) => {
                 WrongSecret
             }
-            _ => LuksError { cause: e },
+            _ => CryptsetupError { cause: e },
         }
     }
 }

src/luks.rs

@@ -1,84 +1,327 @@
 use crate::error::*;
 
-use libcryptsetup_rs::{CryptActivateFlags, CryptDevice, CryptInit, EncryptionFormat, KeyslotInfo};
+use libcryptsetup_rs::{
+    CryptActivateFlags, CryptDevice, CryptInit, CryptTokenInfo, EncryptionFormat, KeyslotInfo,
+    TokenInput,
+};
+use std::collections::{HashMap, HashSet};
 use std::path::Path;
 
-fn load_device_handle<P: AsRef<Path>>(path: P) -> Fido2LuksResult<CryptDevice> {
+pub struct LuksDevice {
+    device: CryptDevice,
+    luks2: Option<bool>,
+}
+
+impl LuksDevice {
+    pub fn load<P: AsRef<Path>>(path: P) -> Fido2LuksResult<LuksDevice> {
         let mut device = CryptInit::init(path.as_ref())?;
-    //TODO: determine luks version some way other way than just trying
+        device.context_handle().load::<()>(None, None)?;
-    let mut load = |format| device.context_handle().load::<()>(format, None).map(|_| ());
+        Ok(Self {
-    vec![EncryptionFormat::Luks2, EncryptionFormat::Luks1]
+            device,
-        .into_iter()
+            luks2: None,
-        .fold(None, |res, format| match res {
-            Some(Ok(())) => res,
-            Some(e) => Some(e.or(load(format))),
-            None => Some(load(format)),
         })
-        .unwrap()?;
+    }
-    Ok(device)
-}
 
-pub fn open_container<P: AsRef<Path>>(path: P, name: &str, secret: &[u8]) -> Fido2LuksResult<()> {
+    pub fn is_luks2(&mut self) -> Fido2LuksResult<bool> {
-    let mut device = load_device_handle(path)?;
+        if let Some(luks2) = self.luks2 {
-    device
+            Ok(luks2)
-        .activate_handle()
+        } else {
-        .activate_by_passphrase(Some(name), None, secret, CryptActivateFlags::empty())
+            self.luks2 = Some(match self.device.format_handle().get_type()? {
-        .map(|_slot| ())
+                EncryptionFormat::Luks2 => true,
-        .map_err(|_e| Fido2LuksError::WrongSecret)
+                _ => false,
-}
+            });
+            self.is_luks2()
+        }
+    }
 
-pub fn add_key<P: AsRef<Path>>(
+    fn require_luks2(&mut self) -> Fido2LuksResult<()> {
-    path: P,
+        if !self.is_luks2()? {
+            return Err(LuksError::Luks2Required.into());
+        }
+        Ok(())
+    }
+
+    pub fn tokens<'a>(
+        &'a mut self,
+    ) -> Fido2LuksResult<Box<dyn Iterator<Item = Fido2LuksResult<(u32, Fido2LuksToken)>> + 'a>>
+    {
+        self.require_luks2()?;
+        Ok(Box::new(
+            (0..32)
+                .map(move |i| {
+                    let status = match self.device.token_handle().status(i) {
+                        Ok(status) => status,
+                        Err(err) => return Some(Err(Fido2LuksError::from(err))),
+                    };
+                    match status {
+                        CryptTokenInfo::Inactive => return None,
+                        CryptTokenInfo::Internal(s)
+                        | CryptTokenInfo::InternalUnknown(s)
+                        | CryptTokenInfo::ExternalUnknown(s)
+                        | CryptTokenInfo::External(s)
+                            if &s != Fido2LuksToken::default_type() =>
+                        {
+                            return None
+                        }
+                        _ => (),
+                    };
+                    let json = match self.device.token_handle().json_get(i) {
+                        Ok(json) => json,
+                        Err(err) => return Some(Err(Fido2LuksError::from(err))),
+                    };
+                    let info: Fido2LuksToken =
+                        match serde_json::from_value(json.clone()).map_err(|_| {
+                            Fido2LuksError::LuksError {
+                                cause: LuksError::InvalidToken(json.to_string()),
+                            }
+                        }) {
+                            Ok(info) => info,
+                            Err(err) => return Some(Err(Fido2LuksError::from(err))),
+                        };
+                    Some(Ok((i, info)))
+                })
+                .filter_map(|o| o),
+        ))
+    }
+
+    pub fn find_token(&mut self, slot: u32) -> Fido2LuksResult<Option<(u32, Fido2LuksToken)>> {
+        let slot_str = slot.to_string();
+        for token in self.tokens()? {
+            let (id, token) = token?;
+            if token.keyslots.contains(&slot_str) {
+                return Ok(Some((id, token)));
+            }
+        }
+        Ok(None)
+    }
+
+    pub fn add_token(&mut self, data: &Fido2LuksToken) -> Fido2LuksResult<()> {
+        self.require_luks2()?;
+        self.device
+            .token_handle()
+            .json_set(TokenInput::AddToken(&serde_json::to_value(&data).unwrap()))?;
+        Ok(())
+    }
+
+    pub fn remove_token(&mut self, token: u32) -> Fido2LuksResult<()> {
+        self.require_luks2()?;
+        self.device
+            .token_handle()
+            .json_set(TokenInput::RemoveToken(token))?;
+        Ok(())
+    }
+
+    pub fn update_token(&mut self, token: u32, data: &Fido2LuksToken) -> Fido2LuksResult<()> {
+        self.require_luks2()?;
+        self.device
+            .token_handle()
+            .json_set(TokenInput::ReplaceToken(
+                token,
+                &serde_json::to_value(&data).unwrap(),
+            ))?;
+        Ok(())
+    }
+
+    pub fn add_key(
+        &mut self,
         secret: &[u8],
         old_secret: &[u8],
         iteration_time: Option<u64>,
-) -> Fido2LuksResult<u32> {
+        credential_id: Option<&[u8]>,
-    let mut device = load_device_handle(path)?;
+    ) -> Fido2LuksResult<u32> {
-    // Set iteration time not sure wether this applies to luks2 as well
         if let Some(millis) = iteration_time {
-        device.settings_handle().set_iteration_time(millis)
+            self.device.settings_handle().set_iteration_time(millis)
+        }
+        let slot = self
+            .device
+            .keyslot_handle()
+            .add_by_passphrase(None, old_secret, secret)?;
+        if let Some(id) = credential_id {
+            self.device.token_handle().json_set(TokenInput::AddToken(
+                &serde_json::to_value(&Fido2LuksToken::new(id, slot)).unwrap(),
+            ))?;
         }
-    let slot = device
-        .keyslot_handle(None)
-        .add_by_passphrase(old_secret, secret)?;
-    Ok(slot)
-}
 
-pub fn remove_keyslots<P: AsRef<Path>>(path: P, exclude: &[u32]) -> Fido2LuksResult<u32> {
+        Ok(slot)
-    let mut device = load_device_handle(path)?;
+    }
-    let mut handle;
+
+    pub fn remove_keyslots(&mut self, exclude: &[u32]) -> Fido2LuksResult<u32> {
         let mut destroyed = 0;
-    //TODO: detect how many keyslots there are instead of trying within a given range
+        let mut tokens = Vec::new();
-    for slot in 0..1024 {
+        for slot in 0..256 {
-        handle = device.keyslot_handle(Some(slot));
+            match self.device.keyslot_handle().status(slot)? {
-        match handle.status()? {
                 KeyslotInfo::Inactive => continue,
-            KeyslotInfo::Active if !exclude.contains(&slot) => {
+                KeyslotInfo::Active | KeyslotInfo::ActiveLast if !exclude.contains(&slot) => {
-                handle.destroy()?;
+                    if self.is_luks2()? {
+                        if let Some((id, _token)) = self.find_token(slot)? {
+                            tokens.push(id);
+                        }
+                    }
+                    self.device.keyslot_handle().destroy(slot)?;
                     destroyed += 1;
                 }
-            _ => (),
-        }
-        match handle.status()? {
                 KeyslotInfo::ActiveLast => break,
                 _ => (),
             }
+            if self.device.keyslot_handle().status(slot)? == KeyslotInfo::ActiveLast {
+                break;
+            }
+        }
+        // Ensure indices stay valid
+        tokens.sort();
+        for token in tokens.iter().rev() {
+            self.remove_token(*token)?;
         }
         Ok(destroyed)
-}
+    }
 
-pub fn replace_key<P: AsRef<Path>>(
+    pub fn replace_key(
-    path: P,
+        &mut self,
         secret: &[u8],
         old_secret: &[u8],
         iteration_time: Option<u64>,
-) -> Fido2LuksResult<u32> {
+        credential_id: Option<&[u8]>,
-    let mut device = load_device_handle(path)?;
+    ) -> Fido2LuksResult<u32> {
-    // Set iteration time not sure wether this applies to luks2 as well
         if let Some(millis) = iteration_time {
-        device.settings_handle().set_iteration_time(millis)
+            self.device.settings_handle().set_iteration_time(millis)
+        }
+        // Use activate dry-run to locate keyslot
+        let slot = self.device.activate_handle().activate_by_passphrase(
+            None,
+            None,
+            old_secret,
+            CryptActivateFlags::empty(),
+        )?;
+        self.device.keyslot_handle().change_by_passphrase(
+            Some(slot),
+            Some(slot),
+            old_secret,
+            secret,
+        )? as u32;
+        if let Some(id) = credential_id {
+            if self.is_luks2()? {
+                let token = self.find_token(slot)?.map(|(t, _)| t);
+                let json = serde_json::to_value(&Fido2LuksToken::new(id, slot)).unwrap();
+                if let Some(token) = token {
+                    self.device
+                        .token_handle()
+                        .json_set(TokenInput::ReplaceToken(token, &json))?;
+                } else {
+                    self.device
+                        .token_handle()
+                        .json_set(TokenInput::AddToken(&json))?;
+                }
+            }
+        }
+        Ok(slot)
+    }
+
+    pub fn activate(
+        &mut self,
+        name: &str,
+        secret: &[u8],
+        slot_hint: Option<u32>,
+    ) -> Fido2LuksResult<u32> {
+        self.device
+            .activate_handle()
+            .activate_by_passphrase(Some(name), slot_hint, secret, CryptActivateFlags::empty())
+            .map_err(LuksError::activate)
+    }
+
+    pub fn activate_token(
+        &mut self,
+        name: &str,
+        secret: impl Fn(Vec<String>) -> Fido2LuksResult<([u8; 32], String)>,
+        slot_hint: Option<u32>,
+    ) -> Fido2LuksResult<u32> {
+        if !self.is_luks2()? {
+            return Err(LuksError::Luks2Required.into());
+        }
+        let mut creds: HashMap<String, HashSet<u32>> = HashMap::new();
+        for token in self.tokens()? {
+            let token = match token {
+                Ok((_id, t)) => t,
+                _ => continue, // An corrupted token should't lock the user out
+            };
+            let slots = || {
+                token
+                    .keyslots
+                    .iter()
+                    .filter_map(|slot| slot.parse::<u32>().ok())
+            };
+            for cred in token.credential.iter() {
+                creds
+                    .entry(cred.clone())
+                    .or_insert_with(|| slots().collect::<HashSet<u32>>())
+                    .extend(slots());
+            }
+        }
+        if creds.is_empty() {
+            return Err(Fido2LuksError::LuksError {
+                cause: LuksError::NoToken,
+            });
+        }
+        let (secret, credential) = secret(creds.keys().cloned().collect())?;
+        let empty;
+        let slots = if let Some(slots) = creds.get(&credential) {
+            slots
+        } else {
+            empty = HashSet::new();
+            &empty
+        };
+        //Try slots associated with the credential used
+        let slots = slots.iter().cloned().map(Option::Some).chain(
+            std::iter::once(slot_hint) // Try slot hint if there is one
+                .take(slot_hint.is_some() as usize)
+                .chain(std::iter::once(None).take(slots.is_empty() as usize)), // Try all slots as last resort
+        );
+        for slot in slots {
+            match self.activate(name, &secret, slot) {
+                Err(Fido2LuksError::WrongSecret) => (),
+                res => return res,
+            }
+        }
+        Err(Fido2LuksError::WrongSecret)
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct Fido2LuksToken {
+    #[serde(rename = "type")]
+    pub type_: String,
+    pub credential: HashSet<String>,
+    pub keyslots: HashSet<String>,
+}
+
+impl Fido2LuksToken {
+    pub fn new(credential_id: impl AsRef<[u8]>, slot: u32) -> Self {
+        Self::with_credentials(std::iter::once(credential_id), slot)
+    }
+
+    pub fn with_credentials<I: IntoIterator<Item = B>, B: AsRef<[u8]>>(
+        credentials: I,
+        slot: u32,
+    ) -> Self {
+        Self {
+            credential: credentials
+                .into_iter()
+                .map(|cred| hex::encode(cred.as_ref()))
+                .collect(),
+            keyslots: vec![slot.to_string()].into_iter().collect(),
+            ..Default::default()
+        }
+    }
+    pub fn default_type() -> &'static str {
+        "fido2luks"
+    }
+}
+
+impl Default for Fido2LuksToken {
+    fn default() -> Self {
+        Self {
+            type_: Self::default_type().into(),
+            credential: HashSet::new(),
+            keyslots: HashSet::new(),
+        }
     }
-    Ok(device
-        .keyslot_handle(None)
-        .change_by_passphrase(None, None, old_secret, secret)? as u32)
 }

src/main.rs

@@ -1,6 +1,8 @@
 #[macro_use]
 extern crate failure;
 extern crate ctap_hmac as ctap;
+#[macro_use]
+extern crate serde_derive;
 use crate::cli::*;
 use crate::config::*;
 use crate::device::*;
@@ -16,10 +18,6 @@ mod error;
 mod luks;
 mod util;
 
-fn assemble_secret(hmac_result: &[u8], salt: &[u8]) -> [u8; 32] {
-    util::sha256(&[salt, hmac_result])
-}
-
 fn main() -> Fido2LuksResult<()> {
     match run_cli() {
         Err(e) => {
@@ -32,20 +30,3 @@ fn main() -> Fido2LuksResult<()> {
         _ => exit(0),
     }
 }
-
-#[cfg(test)]
-mod test {
-
-    use super::*;
-
-    #[test]
-    fn test_assemble_secret() {
-        assert_eq!(
-            assemble_secret(b"abc", b"def"),
-            [
-                46, 82, 82, 140, 142, 159, 249, 196, 227, 160, 142, 72, 151, 77, 59, 62, 180, 36,
-                33, 47, 241, 94, 17, 232, 133, 103, 247, 32, 152, 253, 43, 19
-            ]
-        )
-    }
-}

src/util.rs

@@ -4,7 +4,7 @@ use std::fs::File;
 use std::io::Read;
 use std::path::PathBuf;
 
-pub fn sha256<'a>(messages: &[&[u8]]) -> [u8; 32] {
+pub fn sha256(messages: &[&[u8]]) -> [u8; 32] {
     let mut digest = digest::Context::new(&digest::SHA256);
     for m in messages.iter() {
         digest.update(m);
@@ -23,12 +23,16 @@ pub fn read_password(q: &str, verify: bool) -> Fido2LuksResult<String> {
         {
             Err(Fido2LuksError::AskPassError {
                 cause: AskPassError::Mismatch,
-            })?
+            })
         }
         pass => Ok(pass),
     }
 }
 
+pub fn read_password_hashed(q: &str, verify: bool) -> Fido2LuksResult<[u8; 32]> {
+    read_password(q, verify).map(|pass| sha256(&[pass.as_bytes()]))
+}
+
 pub fn read_keyfile<P: Into<PathBuf>>(path: P) -> Fido2LuksResult<Vec<u8>> {
     let mut file = File::open(path.into())?;
     let mut key = Vec::new();