patch secret_gen before obtaing first secret

mention clang build dependency
enable fido requests to be sent to multiple devices at once
2020-04-06 23:33:41 +02:00 · 2020-04-06 22:52:15 +02:00 · 2020-04-06 21:38:11 +02:00 · 2020-04-03 22:02:05 +02:00 · 2020-04-02 17:22:15 +02:00 · 2020-03-27 20:08:54 +01:00
6 changed files with 429 additions and 392 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -20,7 +20,7 @@ ring = "0.13.5"
 failure = "0.1.5"
 rpassword = "4.0.1"
 structopt = "0.3.2"
-libcryptsetup-rs = { git = "https://github.com/shimunn/libcryptsetup-rs.git", branch = "crypt_load_ptr_null" }
+libcryptsetup-rs = "0.2.0"

 [profile.release]
 lto = true
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@ Note: This has only been tested under Fedora 31 using a Solo Key, Trezor Model T
 ### Prerequisites

 ```
-dnf install cargo cryptsetup-devel -y
+dnf install clang cargo cryptsetup-devel -y
 ```

 ### Device
--- a/src/cli.rs
+++ b/src/cli.rs
@@ -12,7 +12,9 @@ use std::io::Write;
 use std::process::exit;
 use std::thread;

+use crate::util::read_password;
 use std::time::SystemTime;
+
 #[derive(Debug, Eq, PartialEq, Clone)]
 pub struct HexEncoded(pub Vec<u8>);

@@ -97,19 +99,40 @@ pub struct SecretGeneration {
        default_value = "15"
    )]
    pub await_authenticator: u64,
+
+    /// Request the password twice to ensure it being correct
+    #[structopt(
+        long = "verify-password",
+        env = "FIDO2LUKS_VERIFY_PASSWORD",
+        hidden = true
+    )]
+    pub verify_password: Option<bool>,
 }

 impl SecretGeneration {
-    pub fn patch(&self, args: &Args) -> Self {
+    pub fn patch(&self, args: &Args, verify_password: Option<bool>) -> Self {
        let mut me = self.clone();
        if args.interactive {
            me.password_helper = PasswordHelper::Stdin;
        }
+        me.verify_password = me.verify_password.or(verify_password);
        me
    }

-    pub fn obtain_secret(&self) -> Fido2LuksResult<[u8; 32]> {
-        let salt = self.salt.obtain(&self.password_helper)?;
+    pub fn obtain_secret(&self, password_query: &str) -> Fido2LuksResult<[u8; 32]> {
+        let mut salt = [0u8; 32];
+        match self.password_helper {
+            PasswordHelper::Stdin if !self.verify_password.unwrap_or(true) => {
+                salt.copy_from_slice(&util::sha256(&[&read_password(
+                    password_query,
+                    self.verify_password.unwrap_or(true),
+                )?
+                .as_bytes()[..]]));
+            }
+            _ => {
+                salt = self.salt.obtain(&self.password_helper)?;
+            }
+        }
        let timeout = Duration::from_secs(self.await_authenticator);
        let start = SystemTime::now();

@@ -170,7 +193,9 @@ impl OtherSecret {
    ) -> Fido2LuksResult<Vec<u8>> {
        match &self.keyfile {
            Some(keyfile) => util::read_keyfile(keyfile.clone()),
-            None if self.fido_device => Ok(Vec::from(&secret_gen.obtain_secret()?[..])),
+            None if self.fido_device => {
+                Ok(Vec::from(&secret_gen.obtain_secret(password_question)?[..]))
+            }
            None => util::read_password(password_question, verify_password)
                .map(|p| p.as_bytes().to_vec()),
        }
@@ -258,7 +283,9 @@ pub fn run_cli() -> Fido2LuksResult<()> {
            binary,
            ref secret_gen,
        } => {
-            let secret = secret_gen.patch(&args).obtain_secret()?;
+            let secret = secret_gen
+                .patch(&args, Some(false))
+                .obtain_secret("Password")?;
            if *binary {
                stdout.write(&secret[..])?;
            } else {
@@ -273,9 +300,9 @@ pub fn run_cli() -> Fido2LuksResult<()> {
            ref secret_gen,
            luks_settings,
        } => {
-            let secret_gen = secret_gen.patch(&args);
+            let secret_gen = secret_gen.patch(&args, None);
            let old_secret = existing_secret.obtain(&secret_gen, false, "Existing password")?;
-            let secret = secret_gen.obtain_secret()?;
+            let secret = secret_gen.obtain_secret("Password")?;
            let added_slot = luks::add_key(
                device.clone(),
                &secret,
@@ -306,8 +333,8 @@ pub fn run_cli() -> Fido2LuksResult<()> {
            ref secret_gen,
            luks_settings,
        } => {
-            let secret_gen = secret_gen.patch(&args);
-            let secret = secret_gen.patch(&args).obtain_secret()?;
+            let secret_gen = secret_gen.patch(&args, Some(false));
+            let secret = secret_gen.obtain_secret("Password")?;
            let new_secret = replacement.obtain(&secret_gen, true, "Replacement password")?;
            let slot = if *add_password {
                luks::add_key(device, &new_secret[..], &secret, luks_settings.kdf_time)
@@ -330,8 +357,8 @@ pub fn run_cli() -> Fido2LuksResult<()> {
            let mut retries = *retries;
            loop {
                match secret_gen
-                    .patch(&args)
-                    .obtain_secret()
+                    .patch(&args, Some(false))
+                    .obtain_secret("Password")
                    .and_then(|secret| luks::open_container(&device, &name, &secret))
                {
                    Err(e) => {
--- a/src/device.rs
+++ b/src/device.rs
@@ -1,5 +1,6 @@
 use crate::error::*;

+use crate::util;
 use ctap::{
    self, extensions::hmac::HmacExtension, request_multiple_devices, FidoAssertionRequestBuilder,
    FidoCredential, FidoCredentialRequestBuilder, FidoDevice, FidoError, FidoErrorKind,
@@ -33,7 +34,9 @@ pub fn perform_challenge(
        .credentials(credentials)
        .build()
        .unwrap();
-    let get_assertion = |device: &mut FidoDevice| device.get_hmac_assertion(&request, &salt, None);
+    let get_assertion = |device: &mut FidoDevice| {
+        device.get_hmac_assertion(&request, &util::sha256(&[&salt[..]]), None)
+    };
    let (_, (secret, _)) = request_multiple_devices(
        get_devices()?
            .iter_mut()
--- a/src/luks.rs
+++ b/src/luks.rs
@@ -1,11 +1,21 @@
 use crate::error::*;

-use libcryptsetup_rs::{CryptActivateFlags, CryptDevice, CryptInit, KeyslotInfo};
+use libcryptsetup_rs::{CryptActivateFlags, CryptDevice, CryptInit, EncryptionFormat, KeyslotInfo};
 use std::path::Path;

 fn load_device_handle<P: AsRef<Path>>(path: P) -> Fido2LuksResult<CryptDevice> {
    let mut device = CryptInit::init(path.as_ref())?;
-    Ok(device.context_handle().load::<()>(None, None).map(|_| device)?)
+    //TODO: determine luks version some way other way than just trying
+    let mut load = |format| device.context_handle().load::<()>(format, None).map(|_| ());
+    vec![EncryptionFormat::Luks2, EncryptionFormat::Luks1]
+        .into_iter()
+        .fold(None, |res, format| match res {
+            Some(Ok(())) => res,
+            Some(e) => Some(e.or(load(format))),
+            None => Some(load(format)),
+        })
+        .unwrap()?;
+    Ok(device)
 }

 pub fn open_container<P: AsRef<Path>>(path: P, name: &str, secret: &[u8]) -> Fido2LuksResult<()> {
@@ -28,27 +38,27 @@ pub fn add_key<P: AsRef<Path>>(
        device.settings_handle().set_iteration_time(millis)
    }
    let slot = device
-        .keyslot_handle()
-        .add_by_passphrase(None,old_secret, secret)?;
+        .keyslot_handle(None)
+        .add_by_passphrase(old_secret, secret)?;
    Ok(slot)
 }

 pub fn remove_keyslots<P: AsRef<Path>>(path: P, exclude: &[u32]) -> Fido2LuksResult<u32> {
    let mut device = load_device_handle(path)?;
-    let mut handle = device.keyslot_handle();
+    let mut handle;
    let mut destroyed = 0;
    //TODO: detect how many keyslots there are instead of trying within a given range
    for slot in 0..1024 {
-
-        match handle.status(slot)? {
+        handle = device.keyslot_handle(Some(slot));
+        match handle.status()? {
            KeyslotInfo::Inactive => continue,
            KeyslotInfo::Active if !exclude.contains(&slot) => {
-                handle.destroy(slot)?;
+                handle.destroy()?;
                destroyed += 1;
            }
            _ => (),
        }
-        match handle.status(slot)? {
+        match handle.status()? {
            KeyslotInfo::ActiveLast => break,
            _ => (),
        }
@@ -68,6 +78,6 @@ pub fn replace_key<P: AsRef<Path>>(
        device.settings_handle().set_iteration_time(millis)
    }
    Ok(device
-        .keyslot_handle()
+        .keyslot_handle(None)
        .change_by_passphrase(None, None, old_secret, secret)? as u32)
 }
Author	SHA1	Message	Date
shimun	b94f45d1ff	patch secret_gen before obtaing first secret	2020-04-06 23:33:41 +02:00
shimun	c8fb636846	mention clang build dependency	2020-04-06 22:52:15 +02:00
shimun	49e2835f60	enable fido requests to be sent to multiple devices at once	2020-04-06 21:38:11 +02:00
shimun	bb7ee7c1ce	request password only once if possible	2020-04-03 22:02:05 +02:00
shimun	0ba77963d2	update ctap_hmac	2020-04-02 17:22:15 +02:00
shimun	c99d7f562d	support luks2	2020-03-27 20:08:54 +01:00