patch secret_gen before obtaing first secret

Cargo.toml

@@ -20,7 +20,7 @@ ring = "0.13.5"
 failure = "0.1.5"
 rpassword = "4.0.1"
 structopt = "0.3.2"
-libcryptsetup-rs = { git = "https://github.com/shimunn/libcryptsetup-rs.git", branch = "crypt_load_ptr_null" }
+libcryptsetup-rs = "0.2.0"
 
 [profile.release]
 lto = true

README.md

@@ -9,7 +9,7 @@ Note: This has only been tested under Fedora 31 using a Solo Key, Trezor Model T
 ### Prerequisites
 
 ```
-dnf install cargo cryptsetup-devel -y
+dnf install clang cargo cryptsetup-devel -y
 ```
 
 ### Device

src/cli.rs

@@ -12,7 +12,9 @@ use std::io::Write;
 use std::process::exit;
 use std::thread;
 
+use crate::util::read_password;
 use std::time::SystemTime;
+
 #[derive(Debug, Eq, PartialEq, Clone)]
 pub struct HexEncoded(pub Vec<u8>);
 
@@ -97,19 +99,40 @@ pub struct SecretGeneration {
         default_value = "15"
     )]
     pub await_authenticator: u64,
+
+    /// Request the password twice to ensure it being correct
+    #[structopt(
+        long = "verify-password",
+        env = "FIDO2LUKS_VERIFY_PASSWORD",
+        hidden = true
+    )]
+    pub verify_password: Option<bool>,
 }
 
 impl SecretGeneration {
-    pub fn patch(&self, args: &Args) -> Self {
+    pub fn patch(&self, args: &Args, verify_password: Option<bool>) -> Self {
         let mut me = self.clone();
         if args.interactive {
             me.password_helper = PasswordHelper::Stdin;
         }
+        me.verify_password = me.verify_password.or(verify_password);
         me
     }
 
-    pub fn obtain_secret(&self) -> Fido2LuksResult<[u8; 32]> {
+    pub fn obtain_secret(&self, password_query: &str) -> Fido2LuksResult<[u8; 32]> {
-        let salt = self.salt.obtain(&self.password_helper)?;
+        let mut salt = [0u8; 32];
+        match self.password_helper {
+            PasswordHelper::Stdin if !self.verify_password.unwrap_or(true) => {
+                salt.copy_from_slice(&util::sha256(&[&read_password(
+                    password_query,
+                    self.verify_password.unwrap_or(true),
+                )?
+                .as_bytes()[..]]));
+            }
+            _ => {
+                salt = self.salt.obtain(&self.password_helper)?;
+            }
+        }
         let timeout = Duration::from_secs(self.await_authenticator);
         let start = SystemTime::now();
 
@@ -170,7 +193,9 @@ impl OtherSecret {
     ) -> Fido2LuksResult<Vec<u8>> {
         match &self.keyfile {
             Some(keyfile) => util::read_keyfile(keyfile.clone()),
-            None if self.fido_device => Ok(Vec::from(&secret_gen.obtain_secret()?[..])),
+            None if self.fido_device => {
+                Ok(Vec::from(&secret_gen.obtain_secret(password_question)?[..]))
+            }
             None => util::read_password(password_question, verify_password)
                 .map(|p| p.as_bytes().to_vec()),
         }
@@ -258,7 +283,9 @@ pub fn run_cli() -> Fido2LuksResult<()> {
             binary,
             ref secret_gen,
         } => {
-            let secret = secret_gen.patch(&args).obtain_secret()?;
+            let secret = secret_gen
+                .patch(&args, Some(false))
+                .obtain_secret("Password")?;
             if *binary {
                 stdout.write(&secret[..])?;
             } else {
@@ -273,9 +300,9 @@ pub fn run_cli() -> Fido2LuksResult<()> {
             ref secret_gen,
             luks_settings,
         } => {
-            let secret_gen = secret_gen.patch(&args);
+            let secret_gen = secret_gen.patch(&args, None);
             let old_secret = existing_secret.obtain(&secret_gen, false, "Existing password")?;
-            let secret = secret_gen.obtain_secret()?;
+            let secret = secret_gen.obtain_secret("Password")?;
             let added_slot = luks::add_key(
                 device.clone(),
                 &secret,
@@ -306,8 +333,8 @@ pub fn run_cli() -> Fido2LuksResult<()> {
             ref secret_gen,
             luks_settings,
         } => {
-            let secret_gen = secret_gen.patch(&args);
+            let secret_gen = secret_gen.patch(&args, Some(false));
-            let secret = secret_gen.patch(&args).obtain_secret()?;
+            let secret = secret_gen.obtain_secret("Password")?;
             let new_secret = replacement.obtain(&secret_gen, true, "Replacement password")?;
             let slot = if *add_password {
                 luks::add_key(device, &new_secret[..], &secret, luks_settings.kdf_time)
@@ -330,8 +357,8 @@ pub fn run_cli() -> Fido2LuksResult<()> {
             let mut retries = *retries;
             loop {
                 match secret_gen
-                    .patch(&args)
+                    .patch(&args, Some(false))
-                    .obtain_secret()
+                    .obtain_secret("Password")
                     .and_then(|secret| luks::open_container(&device, &name, &secret))
                 {
                     Err(e) => {

src/device.rs

@@ -1,5 +1,6 @@
 use crate::error::*;
 
+use crate::util;
 use ctap::{
     self, extensions::hmac::HmacExtension, request_multiple_devices, FidoAssertionRequestBuilder,
     FidoCredential, FidoCredentialRequestBuilder, FidoDevice, FidoError, FidoErrorKind,
@@ -33,7 +34,9 @@ pub fn perform_challenge(
         .credentials(credentials)
         .build()
         .unwrap();
-    let get_assertion = |device: &mut FidoDevice| device.get_hmac_assertion(&request, &salt, None);
+    let get_assertion = |device: &mut FidoDevice| {
+        device.get_hmac_assertion(&request, &util::sha256(&[&salt[..]]), None)
+    };
     let (_, (secret, _)) = request_multiple_devices(
         get_devices()?
             .iter_mut()

src/luks.rs

@@ -1,11 +1,21 @@
 use crate::error::*;
 
-use libcryptsetup_rs::{CryptActivateFlags, CryptDevice, CryptInit, KeyslotInfo};
+use libcryptsetup_rs::{CryptActivateFlags, CryptDevice, CryptInit, EncryptionFormat, KeyslotInfo};
 use std::path::Path;
 
 fn load_device_handle<P: AsRef<Path>>(path: P) -> Fido2LuksResult<CryptDevice> {
     let mut device = CryptInit::init(path.as_ref())?;
-    Ok(device.context_handle().load::<()>(None, None).map(|_| device)?)
+    //TODO: determine luks version some way other way than just trying
+    let mut load = |format| device.context_handle().load::<()>(format, None).map(|_| ());
+    vec![EncryptionFormat::Luks2, EncryptionFormat::Luks1]
+        .into_iter()
+        .fold(None, |res, format| match res {
+            Some(Ok(())) => res,
+            Some(e) => Some(e.or(load(format))),
+            None => Some(load(format)),
+        })
+        .unwrap()?;
+    Ok(device)
 }
 
 pub fn open_container<P: AsRef<Path>>(path: P, name: &str, secret: &[u8]) -> Fido2LuksResult<()> {
@@ -28,27 +38,27 @@ pub fn add_key<P: AsRef<Path>>(
         device.settings_handle().set_iteration_time(millis)
     }
     let slot = device
-        .keyslot_handle()
+        .keyslot_handle(None)
-        .add_by_passphrase(None,old_secret, secret)?;
+        .add_by_passphrase(old_secret, secret)?;
     Ok(slot)
 }
 
 pub fn remove_keyslots<P: AsRef<Path>>(path: P, exclude: &[u32]) -> Fido2LuksResult<u32> {
     let mut device = load_device_handle(path)?;
-    let mut handle = device.keyslot_handle();
+    let mut handle;
     let mut destroyed = 0;
     //TODO: detect how many keyslots there are instead of trying within a given range
     for slot in 0..1024 {
-
+        handle = device.keyslot_handle(Some(slot));
-        match handle.status(slot)? {
+        match handle.status()? {
             KeyslotInfo::Inactive => continue,
             KeyslotInfo::Active if !exclude.contains(&slot) => {
-                handle.destroy(slot)?;
+                handle.destroy()?;
                 destroyed += 1;
             }
             _ => (),
         }
-        match handle.status(slot)? {
+        match handle.status()? {
             KeyslotInfo::ActiveLast => break,
             _ => (),
         }
@@ -68,6 +78,6 @@ pub fn replace_key<P: AsRef<Path>>(
         device.settings_handle().set_iteration_time(millis)
     }
     Ok(device
-        .keyslot_handle()
+        .keyslot_handle(None)
         .change_by_passphrase(None, None, old_secret, secret)? as u32)
 }