Skip to content

Commit

Permalink
Obvious password promt (#29)
Browse files Browse the repository at this point in the history
* obvious password promt

* prompt interaction with FIDO device
  • Loading branch information
shimunn authored Feb 8, 2021
1 parent b0404f2 commit 17ca487
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 13 deletions.
2 changes: 1 addition & 1 deletion Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Cargo.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[package]
name = "fido2luks"
version = "0.2.15"
version = "0.2.16"
authors = ["shimunn <[email protected]>"]
edition = "2018"

Expand Down
34 changes: 23 additions & 11 deletions src/cli.rs
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,12 @@ pub fn parse_cmdline() -> Args {
Args::from_args()
}

pub fn prompt_interaction(interactive: bool) {
if interactive {
println!("Authorize using your FIDO device");
}
}

pub fn run_cli() -> Fido2LuksResult<()> {
let mut stdout = io::stdout();
let args = parse_cmdline();
Expand Down Expand Up @@ -109,6 +115,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
} else {
secret.salt.obtain_sha256(&secret.password_helper)
}?;
prompt_interaction(interactive);
let (secret, _cred) = derive_secret(
credentials.ids.0.as_slice(),
&salt,
Expand Down Expand Up @@ -164,23 +171,27 @@ pub fn run_cli() -> Fido2LuksResult<()> {
} => Ok((util::read_keyfile(file)?, None)),
OtherSecret {
fido_device: true, ..
} => Ok(derive_secret(
&credentials.ids.0,
&salt(salt_q, verify)?,
authenticator.await_time,
pin.as_deref(),
)
.map(|(secret, cred)| (secret[..].to_vec(), Some(cred)))?),
} => {
prompt_interaction(interactive);
Ok(derive_secret(
&credentials.ids.0,
&salt(salt_q, verify)?,
authenticator.await_time,
pin.as_deref(),
)
.map(|(secret, cred)| (secret[..].to_vec(), Some(cred)))?)
}
_ => Ok((
util::read_password(salt_q, verify)?.as_bytes().to_vec(),
None,
)),
}
};
let secret = |verify: bool| -> Fido2LuksResult<([u8; 32], FidoCredential)> {
let secret = |q: &str, verify: bool| -> Fido2LuksResult<([u8; 32], FidoCredential)> {
prompt_interaction(interactive);
derive_secret(
&credentials.ids.0,
&salt("Password", verify)?,
&salt(q, verify)?,
authenticator.await_time,
pin.as_deref(),
)
Expand All @@ -190,7 +201,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
match &args.command {
Command::AddKey { exclusive, .. } => {
let (existing_secret, _) = other_secret("Current password", false)?;
let (new_secret, cred) = secret(true)?;
let (new_secret, cred) = secret("Password to be added", true)?;
let added_slot = luks_dev.add_key(
&new_secret,
&existing_secret[..],
Expand All @@ -215,7 +226,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {
Ok(())
}
Command::ReplaceKey { add_password, .. } => {
let (existing_secret, _) = secret(false)?;
let (existing_secret, _) = secret("Current password", false)?;
let (replacement_secret, cred) = other_secret("Replacement password", true)?;
let slot = if *add_password {
luks_dev.add_key(
Expand Down Expand Up @@ -274,6 +285,7 @@ pub fn run_cli() -> Fido2LuksResult<()> {

// Cow shouldn't be necessary
let secret = |credentials: Cow<'_, Vec<HexEncoded>>| {
prompt_interaction(interactive);
derive_secret(
credentials.as_ref(),
&salt("Password", false)?,
Expand Down

0 comments on commit 17ca487

Please sign in to comment.