
According to https://rustsec.org/advisories/RUSTSEC-2016-0005.html, rust-crypto is unmaintained, and crates depending on it should be ported to other crates. This port replaces rust-crypto with ring's SHA-2 implementation, since fido2luks already depends on ring via ctap_hmac. Note that ctap_hmac uses an old version of ring, so I used the same version here.
#[macro_use]
extern crate failure;
extern crate ctap_hmac as ctap;
use crate::cli::*;
use crate::config::*;
use crate::device::*;
use crate::error::*;
use cryptsetup_rs as luks;
use cryptsetup_rs::Luks1CryptDevice;
use ring::digest;
use std::io::{self};
use std::path::PathBuf;
mod cli;
mod config;
mod device;
mod error;
mod util;
/// Activates the LUKS1 volume stored on `device` under the mapping name `name`,
/// using `secret` as the key material.
///
/// The device path is canonicalized before it is handed to cryptsetup, so the
/// header that gets opened is the one behind any symlink in `device`.
///
/// Only LUKS1 is handled: the handle is obtained through `.luks1()`.
///
/// # Errors
///
/// Propagates the failure of canonicalization, of opening the device, of the
/// LUKS1 conversion, or of the activation itself.
fn open_container(device: &PathBuf, name: &str, secret: &[u8; 32]) -> Fido2LuksResult<()> {
    let resolved = device.canonicalize()?;
    let mut container = luks::open(resolved)?.luks1()?;
    // The value returned by `activate` is not needed by callers; only success
    // or failure is reported.
    // NOTE(review): `secret` is borrowed, so this function cannot wipe it;
    // the owner of the buffer decides how long the key stays in memory.
    let _keyslot = container.activate(name, &secret[..])?;
    Ok(())
}
/// Derives a 32-byte secret as `SHA-256(salt || hmac_result)`.
///
/// The salt is hashed first, then the HMAC result, with no separator or
/// length prefix between them.
///
/// NOTE(review): this is a single hash pass, not a key-stretching function,
/// so the strength of the result rests on `hmac_result` — presumably the
/// authenticator's HMAC output; confirm at the call site. The plain
/// concatenation is unambiguous only if one of the two inputs has a fixed
/// length; verify that against the callers.
///
/// NOTE(review): input order and hash algorithm define the derived value. If
/// the result is enrolled as a LUKS key, changing either would stop existing
/// keyslots from opening — confirm before touching this.
///
/// The secret is returned by value; nothing here wipes intermediate copies.
fn assemble_secret(hmac_result: &[u8], salt: &[u8]) -> [u8; 32] {
    let mut hasher = digest::Context::new(&digest::SHA256);
    // Order matters: salt first, HMAC result second.
    for part in [salt, hmac_result].iter() {
        hasher.update(part);
    }
    let hash = hasher.finish();

    let mut key = [0u8; 32];
    // A SHA-256 digest is exactly 32 bytes, so the lengths match and
    // `copy_from_slice` does not panic.
    key.copy_from_slice(hash.as_ref());
    key
}
/// Program entry point: hands control to the command-line front end.
///
/// Whatever `run_cli` returns is returned from `main` unchanged, so an `Err`
/// ends the process with a failure status and the error's `Debug` output on
/// stderr.
fn main() -> Fido2LuksResult<()> {
    run_cli()
}