Compare commits
2 Commits
password_p
...
0.2.16
| Author | SHA1 | Date | |
|---|---|---|---|
b3495c45f3
|
|||
|
17ca487b85 |
2
.gitignore
vendored
2
.gitignore
vendored
@@ -6,3 +6,5 @@ fido2luks.bash
|
||||
fido2luks.elv
|
||||
fido2luks.fish
|
||||
fido2luks.zsh
|
||||
result
|
||||
result-*
|
||||
|
||||
61
flake.lock
generated
Normal file
61
flake.lock
generated
Normal file
@@ -0,0 +1,61 @@
|
||||
{
|
||||
"nodes": {
|
||||
"naersk": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1612192764,
|
||||
"narHash": "sha256-7EnLtZQWP6511G1ZPA7FmJlqAr3hWsAYb24tvTvJ/ec=",
|
||||
"owner": "nmattia",
|
||||
"repo": "naersk",
|
||||
"rev": "6e149bfd726a8ebefa415f2d713ba6d942435abd",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nmattia",
|
||||
"repo": "naersk",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1611910458,
|
||||
"narHash": "sha256-//j54S14v9lp3YKizS1WZW3WKwLjGTzvwhHfUAaRBPQ=",
|
||||
"path": "/nix/store/z5g10k571cc5q9yvr0bafzswp0ggawjw-source",
|
||||
"rev": "6e7f25001fe6874f7ae271891f709bbf50a22c45",
|
||||
"type": "path"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"naersk": "naersk",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"utils": "utils"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"locked": {
|
||||
"lastModified": 1610051610,
|
||||
"narHash": "sha256-U9rPz/usA1/Aohhk7Cmc2gBrEEKRzcW4nwPWMPwja4Y=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "3982c9903e93927c2164caa727cd3f6a0e6d14cc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
"version": 7
|
||||
}
|
||||
61
flake.nix
Normal file
61
flake.nix
Normal file
@@ -0,0 +1,61 @@
|
||||
{
|
||||
description = "Decrypt your LUKS partition using a FIDO2 compatible authenticator";
|
||||
|
||||
inputs = {
|
||||
utils.url = "github:numtide/flake-utils";
|
||||
naersk = {
|
||||
url = "github:nmattia/naersk";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, utils, naersk }:
|
||||
let
|
||||
root = ./.;
|
||||
pname = (builtins.fromTOML (builtins.readFile ./Cargo.toml)).package.name;
|
||||
forPkgs = pkgs:
|
||||
let
|
||||
naersk-lib = naersk.lib."${pkgs.system}";
|
||||
buildInputs = with pkgs; [ cryptsetup ];
|
||||
LIBCLANG_PATH = "${pkgs.clang.cc.lib}/lib";
|
||||
nativeBuildInputs = with pkgs; [
|
||||
pkgconfig
|
||||
clang
|
||||
];
|
||||
in
|
||||
rec {
|
||||
# `nix build`
|
||||
packages.${pname} = naersk-lib.buildPackage {
|
||||
inherit pname root buildInputs nativeBuildInputs LIBCLANG_PATH;
|
||||
};
|
||||
defaultPackage = packages.${pname};
|
||||
|
||||
# `nix run`
|
||||
apps.${pname} = utils.lib.mkApp {
|
||||
drv = packages.${pname};
|
||||
};
|
||||
defaultApp = apps.${pname};
|
||||
|
||||
# `nix flake check`
|
||||
checks = {
|
||||
fmt = with pkgs; runCommandLocal "${pname}-fmt" { buildInputs = [ cargo rustfmt nixpkgs-fmt ]; } ''
|
||||
cd ${root}
|
||||
cargo fmt -- --check
|
||||
nixpkgs-fmt --check *.nix
|
||||
touch $out
|
||||
'';
|
||||
};
|
||||
|
||||
# `nix develop`
|
||||
devShell = pkgs.mkShell {
|
||||
nativeBuildInputs = with pkgs; [ rustc cargo rustfmt nixpkgs-fmt ] ++ nativeBuildInputs;
|
||||
inherit buildInputs LIBCLANG_PATH;
|
||||
};
|
||||
};
|
||||
forSystem = system: forPkgs nixpkgs.legacyPackages."${system}";
|
||||
in
|
||||
(utils.lib.eachSystem [ "aarch64-linux" "i686-linux" "x86_64-linux" ] forSystem) // {
|
||||
overlay = final: prev: (forPkgs final).packages;
|
||||
};
|
||||
|
||||
}
|
||||
26
src/cli.rs
26
src/cli.rs
@@ -71,6 +71,12 @@ pub fn parse_cmdline() -> Args {
|
||||
Args::from_args()
|
||||
}
|
||||
|
||||
pub fn prompt_interaction(interactive: bool) {
|
||||
if interactive {
|
||||
println!("Authorize using your FIDO device");
|
||||
}
|
||||
}
|
||||
|
||||
pub fn run_cli() -> Fido2LuksResult<()> {
|
||||
let mut stdout = io::stdout();
|
||||
let args = parse_cmdline();
|
||||
@@ -109,6 +115,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
|
||||
} else {
|
||||
secret.salt.obtain_sha256(&secret.password_helper)
|
||||
}?;
|
||||
prompt_interaction(interactive);
|
||||
let (secret, _cred) = derive_secret(
|
||||
credentials.ids.0.as_slice(),
|
||||
&salt,
|
||||
@@ -164,13 +171,16 @@ pub fn run_cli() -> Fido2LuksResult<()> {
|
||||
} => Ok((util::read_keyfile(file)?, None)),
|
||||
OtherSecret {
|
||||
fido_device: true, ..
|
||||
} => Ok(derive_secret(
|
||||
&credentials.ids.0,
|
||||
&salt(salt_q, verify)?,
|
||||
authenticator.await_time,
|
||||
pin.as_deref(),
|
||||
)
|
||||
.map(|(secret, cred)| (secret[..].to_vec(), Some(cred)))?),
|
||||
} => {
|
||||
prompt_interaction(interactive);
|
||||
Ok(derive_secret(
|
||||
&credentials.ids.0,
|
||||
&salt(salt_q, verify)?,
|
||||
authenticator.await_time,
|
||||
pin.as_deref(),
|
||||
)
|
||||
.map(|(secret, cred)| (secret[..].to_vec(), Some(cred)))?)
|
||||
}
|
||||
_ => Ok((
|
||||
util::read_password(salt_q, verify)?.as_bytes().to_vec(),
|
||||
None,
|
||||
@@ -178,6 +188,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
|
||||
}
|
||||
};
|
||||
let secret = |q: &str, verify: bool| -> Fido2LuksResult<([u8; 32], FidoCredential)> {
|
||||
prompt_interaction(interactive);
|
||||
derive_secret(
|
||||
&credentials.ids.0,
|
||||
&salt(q, verify)?,
|
||||
@@ -274,6 +285,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
|
||||
|
||||
// Cow shouldn't be necessary
|
||||
let secret = |credentials: Cow<'_, Vec<HexEncoded>>| {
|
||||
prompt_interaction(interactive);
|
||||
derive_secret(
|
||||
credentials.as_ref(),
|
||||
&salt("Password", false)?,
|
||||
|
||||
Reference in New Issue
Block a user